Configuring an OAuth Authentication Provider

Prerequisite

You have permissions to access the administrator portal.

Establishing a Trust Between the Application and OneAccess

Configure authorization information for OneAccess in the application to establish a trust on OneAccess.

1. Obtain the authentication information in OneAccess.
   1. Log in to the administrator portal.
   2. On the top navigation bar, choose Settings > Service Settings.
   3. Click OIDC.
   4. On the OIDC page, view the authentication address. Click OIDC Settings in the upper right corner to view the configured authentication parameters.

2. Obtain the callback address in OneAccess. For details, see Table 1.
3. Configure the preceding information in the application. For details, see the application provider's documentation.
4. Obtain the authorization information of the application. For details, see the application provider's documentation.

Adding an OAuth Authentication Provider

Add an OAuth authentication provider and configure the application information in OneAccess.

1. Log in to the administrator portal.
2. On the top navigation bar, choose Authentication > Authentication Providers.
3. Choose Enterprise Authentication Providers > OAuth.
4. On the OAuth Authentication Providers page, click Add Authentication Provider in the upper right corner and set the parameters required.
   Figure 1 Configuration parameters
   

   Table 1 Configuration parameters

   Parameter	Mandatory	Description
   Icon	No	Upload a PNG, JPG, or GIF image whose size does not exceed 50 KB. The recommended size is 32 x 32 pixels.
   Display Name	Yes	Display name of the authentication provider, for example, OAuth.
   Client ID	Yes	Client ID of the application. Obtain the value from the application.
   Client Secret	Yes	Client secret of the application. Obtain the value from the application.
   Authentication Mode	Yes	Default value: authorization_code.
   Client Information Transfer	Yes	Options: basic and post.
   Token Transfer	Yes	Default value: Bearer.
   Scope	No	Authorization scope. Separate multiple values with commas (,).
   Authorization Url	Yes	Authentication URL of the application. Obtain the value from the application.
   ObtainToken Url	Yes	URL for obtaining a token. Obtain the value from the application.
   UserInfo Url	Yes	URL for obtaining user information. Obtain the value from the application.
   Callback URL	Yes	The value is generated by the system and cannot be modified. You can obtain this value when configuring the application.
   Source Attribute	Yes	User attribute returned upon successful authentication by the server. This attribute must be the same as that of the application.
   Related User Attribute	Yes	OneAccess user attribute that maps the user attribute of the OAuth authentication provider. For example, userName.
   No User Associated	Yes	Operation that will be performed if a user successfully logs in through OAuth authentication but fails to be associated with a system user.
   Update Existing Attribute	Yes	Default value: No. Determine whether to update the existing user attribute value when a user logs in successfully through the authentication provider and is associated with a system user.

   To map other attributes, such as full name, set No User Associated to Automatically create users, and click Add Mapping. For details, see Table 2.

   Table 2 Mapping parameters

   Parameter	Description
   User Attribute	Attribute (such as full name) in OneAccess that maps to the OAuth application.
   Mapping Type	Mode of user attribute mapping between OneAccess and the OAuth application. NOTE: If Mapping Type is set to Authentication Provider Attribute, Source Attribute is required. If Mapping Type is set to Fixed Attribute Value, Fixed Attribute Value is required. If Mapping Type is set to Script-based, Script is required.