Creating New Application
To create an application, the administrator must register one or more Re-direct URLs for the application; this registration is a security control, since the authorization server will only redirect to URLs that have been registered.
| Field | Description |
|---|---|
| Client ID | A unique identifier for the client or user. The Client ID is auto-generated. |
| Name | Name of the application. |
| Re-direct URL (optional) | A URL of the application to which the authentication server redirects the user, together with the authorization code, once the user has completed authentication. |
| Client secret | Password, JWT, or mTLS certificate used for client/application authentication. |
| Authentication Journey | The Authentication Journey is a feature with which you manage the authentication workflow configuration for applications. Refer to Configuring Authentication Journey for more details. |
| Select a brand | You can give your application your brand or a custom look by selecting your customized brand. Create a customized brand based on the default brand theme (logo, background color, and background image) to match your company’s branding. Refer to Customizing the Brand and Content for more details. |
| Privileged role | The role assigned to the client/application that allows it to perform certain operations. The privileged role is the RL_CLIENTIDM2M role. |
| Refresh token (optional) | A token that can be used to obtain a new access token. |
| Refresh token duration | The validity period of the refresh token. Must be between 100 and 3600 seconds. |
| Scopes | A scope is a group of user claims that provides a way to limit the access granted to an access token. Scopes can be customized to customer requirements and can include custom attributes as well. For more details about Scopes, refer to Using OPENID Scopes. |
To create an application (client), follow the procedure below that matches the type of application.
Creating New API Integration Application
API Integration applications are used for user authentication and for managing the user identity lifecycle and identity information.
- Click Applications in the left navigation bar to open the Applications page.
- Click ADD APPLICATION, select the API Integration option, and then click ADD.
- The Add Application: API Integration page opens. Enter Name and Re-direct URL.
  Note: Enter multiple URLs separated by a comma.
- Select any one of the Client secret options. By default, Password is selected. If you want to use a certificate for client/application authentication, click the JWT or mTLS radio button and upload a certificate by drag-and-drop or by browsing the local file explorer.
  Note: If the certificate is not trusted, the error message “No issuer certificate for certificate in certification path found” is displayed. To resolve this error, upload a certificate chain as follows:
  - Import a certificate chain that includes the root, intermediate, and end-entity (user) certificates. The root certificate is mandatory for mTLS and optional for JWT.
  - The certificate chain must start with the root certificate, followed by the intermediate certificate(s) and then the end-entity certificate. The chain can contain any number of intermediate certificates.
  - Each certificate must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.
- (Optional) Switch on the Privileged role toggle button to assign the privileged role to the application.
  Note: The privileged role is the RL_CLIENTIDM2M role; the non-privileged role is the RL_OPENIDCLIENT role.
- (Optional) To enable automatic refresh of the access token, select the Enable refresh token check box. You will be prompted to enter the Refresh token duration (must be between 100 and 3600 seconds).
- The script for the Scopes field depends on the configuration requirements of the application. For example: {"scopes":["openid","profile"]}. For more details about Scopes, refer to Using OPENID Scopes.
- Click Save to save the new Application.
  Note:
  - After saving the new application, the View Application: API Integration page opens, in which the Client ID is automatically generated; you can copy it using the copy icon.
  - If Password is selected as your Client secret, it is generated automatically and you can copy it using the copy icon.
  - If a JWT or mTLS certificate is selected as your Client secret, you can view the details of your existing certificate by clicking VIEW CERTIFICATE.
Creating New RADIUS Application
RADIUS applications are used for remote user authentication.
- Click Applications in the left navigation bar to open the Applications page.
- Click ADD APPLICATION, select the RADIUS Application option, and then click ADD.
- The Add Application: RADIUS Application page opens. Enter the Name and Re-direct URL.
  Note: Enter multiple URLs separated by a comma.
- By default, Password is selected as the Client secret.
- (Optional) Switch on the Privileged role toggle button to assign the privileged role to the application.
  Note: The privileged role is the RL_CLIENTIDM2M role; the non-privileged role is the RL_OPENIDCLIENT role.
- Click Save to save the new Application.
  Note: After saving, the View Application: RADIUS Application page opens, in which the Client ID and the Client secret password are automatically generated; you can copy them using the copy icon.
Creating New OpenID Federated Application
OpenID Federated Applications use a configured authentication journey workflow for user authentication and for managing the user identity lifecycle and identity information.
- Click Applications in the left navigation bar to open the Applications page.
- Click ADD APPLICATION, select the OpenID Federated Application option, and then click ADD.
- The Add Application: OpenID Federated Application page opens. Enter Name and Re-direct URL.
  Note: Enter multiple URLs separated by a comma.
- Select any one of the Client secret options. By default, Password is selected. If you want to use a certificate for client/application authentication, click the JWT or mTLS radio button and upload a certificate by drag-and-drop or by browsing the local file explorer.
  Note: If the certificate is not trusted, the error message “No issuer certificate for certificate in certification path found” is displayed. To resolve this error, upload a certificate chain as follows:
  - Import a certificate chain that includes the root, intermediate, and end-entity (user) certificates. The root certificate is mandatory for mTLS and optional for JWT.
  - The certificate chain must start with the root certificate, followed by the intermediate certificate(s) and then the end-entity certificate. The chain can contain any number of intermediate certificates.
  - Each certificate must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.
- From the Authentication Journey drop-down list, select the applicable authentication journey workflow. Refer to Configuring Authentication Journey for details.
- From the Select a brand drop-down list, select the applicable brand. Refer to Customizing the Brand for details.
  Note: By default, the default custom brand is selected automatically.
- (Optional) Switch on the Privileged role toggle button to assign the privileged role to the application.
  Note: The privileged role is the RL_CLIENTIDM2M role; the non-privileged role is the RL_OPENIDCLIENT role.
- (Optional) To enable automatic refresh of the access token, select the Enable refresh token check box. You will be prompted to enter the Refresh token duration (must be between 100 and 3600 seconds).
- The script for the Scopes field depends on the configuration requirements of the application. For example: {"scopes":["openid","profile"]}. For more details about Scopes, refer to Using OPENID Scopes.
- Click Save to save the new Application.
  Note:
  - After saving, the View Application: OpenID Federated Application page opens, in which the Client ID is automatically generated; you can copy it using the copy icon.
  - If Password is selected as your Client secret, it is generated automatically and you can copy it using the copy icon.
  - If a JWT or mTLS certificate is selected as your Client secret, you can view the details of your existing certificate by clicking VIEW CERTIFICATE.
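As an added example that is not part of this documentation or of the product, the following Python script checks a PEM bundle against the ordering rules given in the certificate chain step of both the API Integration and the OpenID Federated procedures above: every certificate carries the BEGIN/END markers, the first certificate is self-signed when mTLS is used (root mandatory), and each certificate is issued by the one before it. The `sample_cert` helper builds constructed, unsigned placeholder certificates only to exercise the check; `names()` walks the standard X.509 TBSCertificate layout, so it reads real certificates too.

```python
import base64
import re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*([A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----")

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos). Definite lengths only."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                      # long form: low 7 bits give the number of length octets
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def names(der):                        # (issuer, subject) as raw DER Name bytes
    _, cert, _ = _tlv(der, 0)          # Certificate ::= SEQUENCE { tbsCertificate, sigAlg, sig }
    _, tbs, _ = _tlv(cert, 0)          # tbsCertificate ::= SEQUENCE
    tag, _, pos = _tlv(tbs, 0)         # [0] EXPLICIT version is absent in v1 certificates
    pos = pos if tag == 0xA0 else 0
    _, _, pos = _tlv(tbs, pos)         # serialNumber
    _, _, pos = _tlv(tbs, pos)         # signature AlgorithmIdentifier
    _, issuer, pos = _tlv(tbs, pos)    # issuer Name
    _, _, pos = _tlv(tbs, pos)         # validity
    _, subject, _ = _tlv(tbs, pos)     # subject Name
    return issuer, subject

def check_chain(pem_text, mtls=True):  # returns the problems found; [] means the order is as required
    blocks = PEM_RE.findall(pem_text)
    if not blocks:
        return ["no -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- block found"]
    chain = [names(base64.b64decode(re.sub(r"\s+", "", b))) for b in blocks]
    problems = []
    if mtls and (len(chain) < 2 or chain[0][0] != chain[0][1]):   # root is mandatory for mTLS
        problems.append("mTLS: chain must start with the self-signed root certificate")
    for i in range(1, len(chain)):     # each certificate must be issued by the one before it
        if chain[i][0] != chain[i - 1][1]:
            problems.append(f"certificate {i + 1} was not issued by certificate {i} (wrong order or missing intermediate)")
    return problems

def _der(tag, content):                # tiny DER encoder, only for the constructed samples below
    return bytes([tag, len(content)]) + content

def sample_cert(issuer, subject):
    """Constructed, unsigned placeholder certificate with just enough structure for names(); not a real cert."""
    name = lambda s: _der(0x30, _der(0x0C, s.encode()))
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
           + name(issuer) + _der(0x30, b"") + name(subject))
    return _der(0x30, _der(0x30, tbs) + _der(0x30, b"") + _der(0x03, b"\x00"))

def to_pem(der):
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"
```

Run `check_chain(open("chain.pem").read(), mtls=True)` on the bundle before uploading it; a non-empty result points to the certificate whose order or issuer does not match what the upload expects.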