Identity Providers

This section provides background information about Local OpenID accounts and Identity Providers for accessing the Flex Client. For procedures or workflows, see the step-by-step section.

The OpenID user login is a decentralized authentication system for the Desigo CC Flex Client. It provides secure authentication for the Desigo CC Flex Client on projects that do not have their own domain infrastructure. If you already use OpenID as the authentication system, you can also use the existing identity provider account in Desigo CC.

Supported Identity Providers

The authentication is managed by one of the supported identity providers. The following platforms can be used in Desigo CC for identity provider authentication:

The following social identity providers are supported by the above platforms:

  • Amazon
  • Google
  • LinkedIn
  • Microsoft

Obtaining an OpenID

The following diagram illustrates the process for obtaining an OpenID.

  1. To log in with an OpenID user login, you must request credentials from the OpenID provider. The credentials must be entered in Desigo CC in the Identity Provider tab.
  2. Register the project with the OpenID provider and publish the redirect URL from the Desigo CC Web Service Interface.

You receive a domain address, a client ID, and a client secret key ID from the identity provider. This information must be entered in the Identity Provider Configuration tab.

Each Desigo CC user in the project must register an account with the identity provider using his or her e-mail address and a password.

Flex Client OpenID Topology and Authentication

OpenID accounts are only for logging into the Flex Client.

If an OpenID is entered for a Desigo CC user account, authentication of a Desigo CC Flex Client login is an eight-step process. The ID token authentication process includes the corresponding ID data, and the information is transmitted in encrypted form over the HTTPS protocol. Only the authorization code flow is supported for login; no other authorization procedures are supported in Desigo CC.

 

Identity Providers Workspace

 

Identity Providers Configurations List

Displays the names of the Identity Provider configurations and allows you to filter the list by name. It also allows you to create, edit, and delete Identity Provider configurations.

Identity Provider Toolbar

  • New: Displays a new Identity Provider Configuration tab.
  • Delete: Deletes the selected Identity Provider configuration.
  • Save: Saves the selected Identity Provider configuration.
  • Edit: Edits the selected Identity Provider configuration name. NOTE: The configuration itself can be edited at any time without clicking the Edit button.

 

Configuration Sections

Identity Provider Configuration

  • Domain: The domain address for the identity provider. For example: mytenantdomain.com
  • ID Server Domain: The ID Server domain for the identity provider. For example: myidserverdomain.com
  • Client id: A unique ID that is supplied by the identity provider or must be requested from the provider. Each user receives its own assigned ID.
  • Client secret: A unique ID supplied by the identity provider together with the client ID. NOTE: If a domain is used, no new configuration can be saved before the new client secret ID is entered.
  • Connection name: The connection name of the authorization server added to the IAM platform. The connection name helps in navigating directly to the authentication page of the server. If the field is left blank, a standard Auth0 page is displayed where you must select a connection from the list of connections available on the IAM platform.

Endpoints

  • Default endpoints: If checked, the default values for the endpoints are used and populated automatically. This is the default setting. If the checkbox is not checked, the endpoint values must be entered manually.
  • Code
      • Endpoint: The default value is: authorize
      • Url: A combination of Domain and Code endpoint.
  • Token
      • Endpoint: The default value is: oauth/token
      • Url: A combination of Domain and Token endpoint.
  • Logout
      • Endpoint: The default value is: v2/logout
      • Url: A combination of ID Server Domain and Logout endpoint. Used to submit logout request to the Identity Provider server.
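
The following sketch is an added example, not Desigo CC code: it derives the three endpoint URLs from the Domain and ID Server Domain fields, builds an authorization code flow request, and checks the state value on the redirect. The https://<domain>/<endpoint> composition, the scope and state parameters, the Auth0-style connection parameter, and the sample client ID and redirect URL are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Default endpoint values listed on this page.
DEFAULT_ENDPOINTS = {"code": "authorize", "token": "oauth/token", "logout": "v2/logout"}

def endpoint_urls(domain, id_server_domain, endpoints=None):
    """Combine domain and endpoint; the https://<domain>/<endpoint> form is an assumption."""
    paths = {**DEFAULT_ENDPOINTS, **(endpoints or {})}
    hosts = {"code": domain, "token": domain, "logout": id_server_domain}
    urls = {}
    for name, host in hosts.items():
        path = paths[name]
        # A domain field must be a bare host: no scheme, path, userinfo or query.
        if not host or any(c in host for c in "/@?#\\ "):
            raise ValueError(f"{name}: domain must be a bare host name, got {host!r}")
        # A manually entered endpoint must stay a path on that host.
        if "://" in path or path.startswith("//") or ".." in path:
            raise ValueError(f"{name}: endpoint must be a relative path, got {path!r}")
        urls[name] = f"https://{host}/{path.lstrip('/')}"
    return urls

def authorization_request(urls, client_id, redirect_uri, connection=None):
    """Build the authorization code flow request; returns (url, state)."""
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect URL must use https")
    state = secrets.token_urlsafe(32)  # stored in the session, checked on return
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": "openid", "state": state}
    if connection:  # blank: the provider shows its own connection selection page
        params["connection"] = connection
    return f"{urls['code']}?{urlencode(params)}", state

def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if the callback echoes our state."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "error" in query or "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]

if __name__ == "__main__":
    # Constructed sample values; the two domains are the examples from this page.
    urls = endpoint_urls("mytenantdomain.com", "myidserverdomain.com")
    print(authorization_request(urls, "constructed-client-id",
                                "https://flexclient.example/callback")[0])
```

The client secret is not part of this request; it is only sent when the code is exchanged at the Token endpoint.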