Identity Provider Config

The OpenID Connect IdP configuration allows enrolled users to authenticate with Keyless to get access directly into their Okta portal or Okta enabled apps.

From your Admin dashboard, go to "Security" on the top menu and click "Identity Providers":

Click "Add Identity Provider" and select "Add OpenID Connect IdP".

On the following screen, configure these settings:

General Settings

| Field | Value |
|---|---|
| Name | "Keyless" |
| Client ID | [an ID of your choice, which will need to be provided to Keyless] |
| Client Secret | [a secret of your choice, which will need to be provided to Keyless] |
| Scopes | email, openid, profile |

Endpoints

Values are extracted from the well-known (OpenID Connect discovery) file you received from Keyless; the right-hand column gives the key in that file.

| Field | Value |
|---|---|
| Issuer | issuer |
| Authentication Endpoint | authorization_endpoint |
| Token Endpoint | token_endpoint |
| JWKS Endpoint | jwks_uri |
| User Info Endpoint | userinfo_endpoint |
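Copying the five endpoint values from the well-known file by hand is where most typos happen, so the script below (added here as an example; it is not part of this page or of Keyless' tooling) maps the discovery keys onto the Okta form fields and flags the things worth checking before saving the IdP: a missing key, a non-HTTPS endpoint, an endpoint hosted somewhere other than the issuer, and a scopes_supported list that lacks email, openid or profile. The discovery document embedded in it is constructed with a placeholder host; replace it with the file you received from Keyless.

```python
import json
from urllib.parse import urlparse

# Constructed sample discovery document. The host is a placeholder; the real
# document comes from Keyless and is normally served at
# <issuer>/.well-known/openid-configuration.
SAMPLE_WELL_KNOWN = json.dumps({
    "issuer": "https://idp.example-keyless.test",
    "authorization_endpoint": "https://idp.example-keyless.test/oauth2/authorize",
    "token_endpoint": "https://idp.example-keyless.test/oauth2/token",
    "jwks_uri": "https://idp.example-keyless.test/oauth2/jwks",
    "userinfo_endpoint": "https://idp.example-keyless.test/oauth2/userinfo",
    "scopes_supported": ["openid", "email", "profile"],
})

# Okta "Endpoints" form field -> key in the OpenID Connect discovery document.
OKTA_ENDPOINT_FIELDS = {
    "Issuer": "issuer",
    "Authentication Endpoint": "authorization_endpoint",
    "Token Endpoint": "token_endpoint",
    "JWKS Endpoint": "jwks_uri",
    "User Info Endpoint": "userinfo_endpoint",
}

# Scopes the Okta "General Settings" section asks for.
REQUIRED_SCOPES = {"openid", "email", "profile"}


def extract_okta_endpoints(well_known_json: str) -> dict:
    """Return {Okta field: value} for the five endpoint fields.

    Raises ValueError if any required discovery key is absent, so a
    mis-spelled key (e.g. "jwks-uri" instead of "jwks_uri") is caught
    before anything is pasted into the Okta form.
    """
    doc = json.loads(well_known_json)
    result = {}
    for field, key in OKTA_ENDPOINT_FIELDS.items():
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            raise ValueError(
                f"discovery document lacks '{key}' (needed for Okta field '{field}')"
            )
        result[field] = value
    return result


def discovery_warnings(well_known_json: str) -> list:
    """Sanity checks on the discovery document; an empty list means all clear."""
    doc = json.loads(well_known_json)
    warnings = []
    issuer_host = urlparse(doc.get("issuer", "")).netloc
    for key in OKTA_ENDPOINT_FIELDS.values():
        value = doc.get(key)
        if not isinstance(value, str):
            continue  # absence is reported by extract_okta_endpoints
        parsed = urlparse(value)
        if parsed.scheme != "https":
            warnings.append(f"{key}: not https ({value})")
        if parsed.netloc != issuer_host:
            # Not necessarily wrong (some IdPs host JWKS elsewhere), but worth
            # confirming with Keyless before trusting the value.
            warnings.append(
                f"{key}: host {parsed.netloc!r} differs from issuer host {issuer_host!r}"
            )
    supported = doc.get("scopes_supported")  # optional in discovery documents
    if supported is not None:
        missing = sorted(REQUIRED_SCOPES - set(supported))
        if missing:
            warnings.append("scopes_supported lacks: " + ", ".join(missing))
    return warnings


if __name__ == "__main__":
    for field, value in extract_okta_endpoints(SAMPLE_WELL_KNOWN).items():
        print(f"{field:24} {value}")
    for warning in discovery_warnings(SAMPLE_WELL_KNOWN):
        print("WARNING:", warning)
```

Run it against the real file (for example by reading it into `SAMPLE_WELL_KNOWN` from disk) and paste the printed values into the matching Okta fields; resolve any printed warning with Keyless before clicking Update Identity Provider.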

Advanced Settings

| Field | Value |
|---|---|
| IdP Username | idpuser.externalId |
| Match Against | Okta Username |
| Account Link Policy | Automatic |
| Auto-Link Restrictions | None |
| If no match is found | Create New User (JIT) |
| Profile Source | Checked |
| Group Assignments | None |

If you don't want to assign users to a specific group through JIT (Just in Time) provisioning, select the option "Redirect to sign-in page" under "If no match is found". This blocks the use of Keyless authentication as a profile master, letting the Okta account system manage the user's membership of the org.

At the end of the configuration, click Update Identity Provider. On the Identity Providers page, you will see that your IdP has been created. If you expand its information view, you will see all the details you need to use the external IdP on a deployed Keyless Auth service. Take note of the IdP ID and Redirect URI.

At this stage, please provide Keyless with the following through a secure channel:

  • Client ID and Secret of Account Linking App.

  • Client ID and Secret of Identity Provider.

  • IdP ID and Redirect URI of the Identity Provider.

Configure Routing Rules

Under "Identity Providers" go to "Routing Rules" to configure which users and groups will have access to the Keyless Identity Provider and will use Keyless as their authentication method.

Make sure that the Keyless Account Linking application is configured to use the default Okta identity provider (as the first rule) so that users will be able to link their account properly.
