Identity Providers


An identity provider (IdP) is a service that stores and verifies user identities. By default, Britive itself is the identity provider for every user. To add an external IdP and configure Britive to trust the authentication tokens it issues, use the following steps:

  1. Log in to Britive with administrator privileges.

  2. Click Admin -> Identity Management.

  3. Select the Identity Providers tab.

  4. Click the Add Identity Provider button.

  5. Enter the following in the Add Identity Provider window:

    1. Select Identity Provider Type:

      1. SAML: Enter Name and Description.

      2. OIDC: Enter Name, Issuer URL, and Description. The Issuer URL is one of the Prerequisites for OIDC Providers.

      3. AWS STS: Enter Name and Description. Only one AWS STS identity provider can be configured.

    2. Click Add.

  6. The new identity provider is displayed in the list. Click Manage to configure the identity provider.

    1. SAML: To configure SSO or SCIM for a particular identity provider, see the Identity Provider Integration Guides.

    2. OIDC

      1. Validation Window: The period during which Britive accepts an ID token. It starts at the time the token was issued, as given by the JWT issued-at ('iat') claim, and defaults to 30 seconds. For more information, see Validation Window.

      2. Attributes map: Edit the attribute mappings and their values to map claims in the ID token issued by the OIDC provider to Britive service identity attributes. Identity attributes can be added from the Admin -> Identity Management -> Identity Attributes tab.

      3. Allowed Audiences: Edit the list of allowed audiences, that is, the values the token's audience ('aud') claim must match. Allowed Audiences are part of the Prerequisites for OIDC Providers.

    3. AWS STS:

      1. Validation Window: The validation window starts at the time the request was signed, as given by the x-amz-date request header in the token. For more information, see Validation Window.

      2. Max Request Token Duration: The longest token validity period a client is allowed to request.

      3. Attributes map: Edit the attribute mappings and their values to map the identity attributes returned by the AWS provider to Britive service identity attributes. Identity attributes can be added from the Admin -> Identity Management -> Identity Attributes tab.
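
The following is an added example, not code from the original page or from Britive, showing how the OIDC and AWS STS settings above fit together when a token is checked: the issuer and Allowed Audiences checks, the Validation Window counted from the 'iat' claim (OIDC) or the x-amz-date header (AWS STS), the Max Request Token Duration cap, and the attributes map applied to the accepted claims. The configuration field names, the attribute names, the 3600-second maximum duration, the sample ID tokens and the sample request headers are all constructed for illustration. Signature verification of the ID token against the issuer's keys is assumed to have happened before these checks and is not shown.

```python
import base64
import json
from datetime import datetime, timezone

# Constructed identity-provider settings mirroring the fields described above.
# Field names are illustrative; they are not Britive's API or storage format.
OIDC_IDP = {
    "issuer_url": "https://idp.example.com",
    "validation_window_seconds": 30,              # the page's default
    "allowed_audiences": {"britive-service-identity"},
    # ID-token claim -> Britive service identity attribute (hypothetical names)
    "attributes_map": {"sub": "externalId", "email": "email", "client_id": "clientId"},
}
AWS_STS_IDP = {
    "validation_window_seconds": 30,
    "max_request_token_duration_seconds": 3600,   # assumed value for illustration
}
NOW = 1_700_000_000                               # fixed "current time" so the example runs offline


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_token(payload: dict) -> str:
    """Constructed sample ID token. A real IdP signs the token; the signature
    segment here is a placeholder so the example runs offline."""
    header = {"alg": "RS256", "typ": "JWT"}
    return f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(payload).encode())}.placeholder"


def id_token_claims(token: str) -> dict:
    """Payload claims of a compact JWS. Signature verification against the
    issuer's JWKS is assumed to have succeeded before these checks run."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def in_validation_window(start: int, now: int, window_seconds: int) -> bool:
    """The window opens at `start` (iat or x-amz-date) and closes `window_seconds`
    later. A start time in the future is rejected; the page does not describe
    clock-skew handling, so none is assumed here."""
    return 0 <= now - start <= window_seconds


def validate_oidc_token(token: str, idp: dict, now: int) -> dict:
    """Issuer, audience and validation-window checks, then the attributes map.
    Returns the service identity attributes; raises ValueError on rejection."""
    claims = id_token_claims(token)
    if claims.get("iss") != idp["issuer_url"]:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud", [])
    aud = {aud} if isinstance(aud, str) else set(aud)   # 'aud' may be a string or a list
    if not aud & idp["allowed_audiences"]:
        raise ValueError("audience not allowed")
    if not in_validation_window(int(claims["iat"]), now, idp["validation_window_seconds"]):
        raise ValueError("token outside validation window")
    # Mapped claims absent from the token are skipped; unmapped claims are dropped.
    return {attr: claims[claim] for claim, attr in idp["attributes_map"].items() if claim in claims}


def parse_amz_date(value: str) -> int:
    """x-amz-date is the SigV4 timestamp YYYYMMDD'T'HHMMSS'Z' in UTC."""
    return int(datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc).timestamp())


def validate_sts_request(headers: dict, requested_duration: int, idp: dict, now: int) -> bool:
    """Window check on the signing time, then the Max Request Token Duration cap."""
    signed_at = parse_amz_date(headers["x-amz-date"])
    if not in_validation_window(signed_at, now, idp["validation_window_seconds"]):
        raise ValueError("signed request outside validation window")
    if requested_duration > idp["max_request_token_duration_seconds"]:
        raise ValueError("requested token duration exceeds maximum")
    return True


def rejection_reason(check, *args):
    """Run a check and return its rejection message, or None if it passed."""
    try:
        check(*args)
    except ValueError as exc:
        return str(exc)
    return None


# Constructed sample inputs.
FRESH_ID_TOKEN = make_unsigned_token({"iss": "https://idp.example.com", "aud": "britive-service-identity",
                                      "iat": NOW - 10, "sub": "ci-runner-42", "email": "runner@example.com"})
STALE_ID_TOKEN = make_unsigned_token({"iss": "https://idp.example.com", "aud": "britive-service-identity",
                                      "iat": NOW - 45, "sub": "ci-runner-42"})
WRONG_AUD_TOKEN = make_unsigned_token({"iss": "https://idp.example.com", "aud": ["some-other-app"],
                                       "iat": NOW - 1, "sub": "ci-runner-42"})
# NOW is 2023-11-14T22:13:20Z, so this request was signed five seconds earlier.
STS_HEADERS = {"x-amz-date": "20231114T221315Z", "host": "sts.amazonaws.com"}

if __name__ == "__main__":
    print(validate_oidc_token(FRESH_ID_TOKEN, OIDC_IDP, NOW))
    print(rejection_reason(validate_oidc_token, STALE_ID_TOKEN, OIDC_IDP, NOW))
    print(rejection_reason(validate_oidc_token, WRONG_AUD_TOKEN, OIDC_IDP, NOW))
    print(validate_sts_request(STS_HEADERS, 900, AWS_STS_IDP, NOW))
    print(rejection_reason(validate_sts_request, STS_HEADERS, 7200, AWS_STS_IDP, NOW))
```

Two points worth noting when tuning these settings: a short Validation Window only limits replay of a captured token or signed request, so it should stay small enough to be meaningful but large enough to absorb clock drift between the client, the IdP and Britive; and because the attributes map silently drops any claim not listed in it, a claim you rely on for access decisions must appear in the map or it will never reach the service identity.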

Note:

If an IdP is deleted, the service identities associated with that IdP can no longer authenticate through it, and their access type is set to Static.