OpenID Connect Authentication

OpenID Connect Authentication Flow

The procedure for linking OpenID Connect authentication with the WebPerformer-NX application is as follows

1. Click the [SP Authentication] icon at the top of the User Manager screen.
2. Select [OpenID].
3. Confirm the single sign-on URL and set it to the external IdP.

	Setup for Okta	Setup for Entra ID	Setup for ID Entrance
Single sign-on URL	English：Single Sign on URL Japanese：シングルサインオン URL	English：Redirect URI Japanese：リダイレクト URI	English：Redirect URL Japanese：リダイレクト URL

Note

• In ID Entrance, please enable “Enable client authentication.”
  Once enabled, the client secret will be displayed.

4. Verify the information required to register an identity provider with an external IdP.
   • For Entra ID

   1. Application ID (client ID) of the registered application
   2. Issuer URL (e.g., https://login.microsoftonline.com/<tenant-id>/v2.0)
   3. Issue the client secret and obtain the value of the client secret

   • For Okta

   1. Client ID of the registered application
   2. Okta URL (e.g., https://oktaice.okta.com)
   3. Get the secret value of the client secret.

   • For ID Entrance

   1. Client ID for registered integration service settings
   2. Publisher URL(e.g.,https://ncid.prod.identrance.jp/realms/<tenant-id>)
   3. The value of the client secret for the registered linked service settings.

5. Register an identity provider.

6. Place a button from the component list as a button for external authentication on the sign-in screen (Sign In ID) of the authentication UI.

7. Open the properties screen of the button for external authentication placed in step 6, and set the following.

   • Select “IdP” from the click event.
   • Enter the name of the identity provider registered in step 5 in the “IdP” field.

8. Save the sign-in screen (Sign In ID) of the authentication UI.

Identity Provider Registration

1. Click the [Create] icon in the upper right corner of the screen.
2. Select OpenID.
3. Enter the Identity Provider information.

Item	Input	Description
Identity Provider Name	Required	Arbitrary names must be other than single-byte spaces, underscores, and commas. The maximum number of characters is 32.
Client ID	Required	This is the value of OpenID Connect Authentication Linkage Procedure 4 - 1.
Client Secret	Required	The value of the OpenID Connect authentication linkage procedure 4 - 2.
Issuer URL	Required	The value of the OpenID Connect authentication linkage procedure 4 - 3.
Attribute Mapping	Required	Set up a mapping between user attributes and IDP attributes. User attribute IDP attribute Required Email （Enter IDP attribute name） ○ Name （Enter IDP attribute name） custom:custom_01 （Enter IDP attribute name） custom:custom_02 （Enter IDP attribute name） custom:custom_03 （Enter IDP attribute name） custom:custom_04 （Enter IDP attribute name） custom:custom_05 （Enter IDP attribute name） custom:custom_06 （Enter IDP attribute name） custom:custom_07 （Enter IDP attribute name） custom:custom_08 （Enter IDP attribute name） custom:custom_09 （Enter IDP attribute name） custom:custom_10 （Enter IDP attribute name） Be sure to map the IDP attribute mapping to the user attribute [email] to the attribute for which email information is registered.

4. Click the "Add" button.
5. The added identity provider will appear in the IdP list.

Note

• For Entra ID, the [IDP attribute] should be set to the claim name. Please note that the claim name will be different if the namespace is set or not.
  For ID Entrance, the only attribute that can be mapped is the user attribute [email].