Configuring OpenID Client Registration

You can register OpenID client applications with ActivID Appliance manually using the ActivID Management Console or dynamically through authn/register .

What is an OpenID Client?

An OpenID Client is considered by the ActivID Appliance server as a ‘normal’ ActivID Appliance user associated with an OpenID client (organization) configuration adapter.

An OpenID Client is defined by:

  • An ActivID Appliance user with a valid credential.

  • Suitable permissions corresponding to the application requirements. For example, if the client’s token will be used in the SCIM API to search for a user, the “search user” permission must be given to the OpenID client (that is, the ActivID Appliance user).

  • An associated OpenID client (organization) configuration adapter where the:

    • Name is identical to the user’s name.

    • Parameters (for authentication) match the user’s credential.

Note: If the OpenID Client is a “Public Client” then:

  • It does not need to have a credential defined.

  • It only needs to have minimal permissions assigned (typically none, unless for specific requirements such as storing user consent as defined in Configuring End-User Authentication):

Topics in this section: