Authentication Issuer – Custom Identity
Authentication Issuer – Custom Identity
An Identity provider holds the user database, and, authenticates users against it. Agilicus supports any OpenID-Connect based identity provider. This includes Okta, Microsoft, Google, etc.
Most customers will use the ‘Shared Identity’ feature which is zero-touch configuration. However, some will wish to implement custom rules inside their identity provider, requiring creation of a ‘new application registration’.
To add a custom provider, select ‘add provider’
You will see two choice: ‘Azure Active Directory’ (which will give you a guided walk through), or, ‘Other’. In other you will configure a row in a table.
Once you have added the row, you have these columns:
- name — what the user will see on the sign in page
- issuer — the URI (e.g. https://login.microsoftonline.com/TENANTID/v2.0)
- icon — from your theme, e.g.
google,microsoft - client id — as given by your identity provider (e.g. TENANTID)
- secret — as given by your identity provider
- auto-create — if set, users will be created automatically in Agilicus if they can sign in via this upstream identity provider. Do not use with public providers.
- type — Generic (or Microsoft for non-compatible extensions)
- offline consent — if true, ask for consent to do
refreshflow (aka offline) - request user info — if true attempt to fetch additional user info (e.g. group mappings)
- issuer external host — leave blank typically
- username key — blank (or e.g. username, email, etc)
- email key — typically email
- verifies email — if set the upstream provider forces verification of email address
- redirect uri — the redirect URI to your Agilicus-provided authentication federation. Typically https://auth.ca-1.agilicus.ca/callback
You may also use the action-button (3-dots) to configure group mappings, these will import groups from your upstream identity provider automatically
Related Configuration
Return to Product Configuration
- Agilicus AnyX Frequently Asked Questions
- VNC Desktop
- Agilicus Connector – Container/Docker
- Agilicus Connector – NanoPI R5S
- Agilicus AnyX Product Updates
- Agilicus Connector – Microsoft Windows
- Sign-In Errors
- Time Synchronisation
- Locked-Down Networks Certificate Revocation
- Signup: Firewall Configuration
- Geo-Location-Based Access Control
- Resources – Overview, Concepts
- Connect to VTScada – Adding a Web Application
- Web Application Security
- Administrative Users
- Define Application: Proxy
- Authorisation rules
- Real VNC & Raspberry Pi
- Connector Install: Raspberry Pi
- Kubernetes Connector Install
- Linux, FreeBSD, Embedded Connector Install
- Connector Install: Ubiquiti EdgeRouter X
- Audit Destinations
- Agilicus Connector Install: MikroTik RouterOS
- Connector Install: Netgate SG-1100 pfSense
- Identity Group Mapping
- Billing
- Auto-Create Users From Specific Domain With Google Workplace
- Organisation
- Authentication Audit
- Authentication Issuer – Onsite Identity
- Authentication Issuer – Custom Identity
- Sign Up
- Microsoft ClickOnce
- Groups
- Agilicus Connector Windows Cluster
- Launchers
- Forwarding
- Usage Metrics
- Service Accounts
- Identity & Authentication Methods
- Content Security Policy
- Users
- Sign-In Theming
- Sign in With Apple
- Azure Active Directory
- Sign in With Microsoft
- Agilicus Launcher (Desktop)
- Agilicus-Connector
- Zero-Trust SSH Access
- Theory of Operation: CNAME + DOMAIN
- Zero-Trust Desktop Access
- Command Line API Access
- Applications
- Permissions
- Profile
- Multi-Factor Authentication
- Authentication Rules
- Application Request Access
- OpenWRT Connector Install
- Synology Connector Install
- Authentication Clients
- Shares
- Services
- Resource Permissions
- Resource Groups
- Legacy Active Directory