This article describes how to create a Google OAuth 2.0 External Identity on MyID MFA version 5.0 deployments.
- Go to Google API & Services at https://console.cloud.google.com/ and sign in with a suitable Google account.
- Click the Create Project option.
- Give the project a suitable name.
- Click Create; the new project is created.
- In the OAuth consent screen of the Dashboard:
- Select User Type - External and click CREATE.
- In the App information dialog, provide an app name, a user support email, and developer contact information.
- Click Save and Continue.
- Step through the Scopes step and click Save and Continue.
- Step through to the Test users step. (Note: for testing purposes you may need to add Test users until the app is published)
- To add test users, click Add Users.
- Specify the email address of one or more suitable test users and click Add.
- Review the OAuth consent screen and go back to the app Dashboard.
- In the Credentials tab of the application Dashboard, select CREATE CREDENTIALS > OAuth client ID.
- From the Application type list select Web application.
- Choose a suitable name for the application.
- In the Authorized redirect URIs section, select ADD URI to set the redirect URI. The URI must be based on the URL of your MyID MFA v5 Authentication Server. Example redirect URI: https://primary.myidmfa.com:14443/idp/signin-google
Note: It is essential to add the idp/signin-google suffix to the URI; without it the external identity does not work correctly.
- Click the CREATE button.
- When the OAuth client ID is created, the Client ID and Client Secret are displayed.
- Save the Client ID and Client Secret values for use when adding the provider configuration to MyID MFA.
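As an added pre-registration check (example code, not from the article or from the MyID product), the following Python validates a candidate redirect URI against the Authentication Server host and port before it is registered in Google. The host and port values are assumptions taken from the article's example URI; the bad candidates are constructed.

```python
from urllib.parse import urlsplit

# Path suffix the article says the redirect URI must carry.
REQUIRED_PATH = "/idp/signin-google"


def build_redirect_uri(auth_server_base: str) -> str:
    """Derive the redirect URI to register in Google from the Authentication
    Server base URL (assumed form: https://host:port)."""
    return auth_server_base.rstrip("/") + REQUIRED_PATH


def check_redirect_uri(uri: str, auth_server_host: str, auth_server_port: int = 443) -> list:
    """Return a list of problems; an empty list means the URI is safe to register.
    Google matches registered redirect URIs exactly (no wildcards, no fragments),
    so every component must agree with what the Authentication Server sends."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme!r}, must be https")
    if (parts.hostname or "").lower() != auth_server_host.lower():
        problems.append(f"host {parts.hostname!r} does not match the Authentication Server")
    # An https URI without an explicit port is served on 443.
    port = parts.port if parts.port is not None else (443 if parts.scheme == "https" else None)
    if port != auth_server_port:
        problems.append(f"port {port} does not match the Authentication Server port {auth_server_port}")
    if parts.path != REQUIRED_PATH:
        problems.append(f"path {parts.path!r} must be exactly {REQUIRED_PATH!r}")
    if parts.query or parts.fragment:
        problems.append("query strings and fragments are not allowed in a redirect URI")
    if "*" in uri:
        problems.append("wildcards are not supported; register the exact URI")
    return problems


if __name__ == "__main__":
    # Constructed candidates: the article's example plus three common mistakes.
    candidates = [
        build_redirect_uri("https://primary.myidmfa.com:14443"),
        "http://primary.myidmfa.com:14443/idp/signin-google",   # plain http
        "https://primary.myidmfa.com/idp/signin-google",        # port omitted
        "https://primary.myidmfa.com:14443/idp/",               # suffix missing
    ]
    for uri in candidates:
        issues = check_redirect_uri(uri, "primary.myidmfa.com", 14443)
        print(uri, "->", "OK" if not issues else "; ".join(issues))
```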
Adding the provider to MyID MFA v5
- Open the MyID Management Console and either click Add External Identity in the Actions panel on the right, or right-click External Identities in the left pane and select Add External Identity.
- The Add OpenID Connect External Identity Wizard launches.
- Click Next to continue.
- Provide a name.
- Select a provider type.
- Click Next.
- Select a suitable value for OpenID Connect Claim such as emailaddress.
- Select a suitable User AD attribute to map to such as wWWHomePage.
- Click Next.
- Enter the Client ID and Client Secret that you saved earlier.
- Click Next.
- Click Next to apply the configuration.
- The wizard completes and adds the new External Identity Provider.
- Click Finish to close the wizard.
Enabling the External Identity in MyID MFA v5
- Open the MyID Management Console, right-click a suitable application under Applications and select Properties. Under External Identities linked with this application, ensure that the newly created provider is checked.
- Click Apply to save changes.
- Ensure that each user's configured AD attribute is populated with a suitable email address value (the value that is matched against the selected claim); logon cannot succeed otherwise.
- The logon option using the configured provider should now be present at the logon screen of the application.