Identity Cloud

Enable federation for your tenant

After you set up a federation provider, you can allow Identity Cloud to use the provider to federate administrators.

To perform the following steps, you must be a super administrator in a tenant where federation is enabled.

  1. In Identity Cloud, navigate to Tenant settings.

  2. Click Federation.

  3. Click + Identity Provider.

  4. Select the federation provider to use:

    • Microsoft Azure

    • ADFS

  5. Click Next.

  6. Follow the steps on the Configure Application page and click Next.

  7. On the Identity Provider Details page, complete the following fields:

    • Name: The name of the provider.

    • Application ID: The ID for the application.

    • Application Secret: The client secret for the application.

    • Well-known Endpoint:

      • If you are setting up Azure, this is the URL from the OpenID Connect metadata document field. In the URL, make sure to replace organization with the actual tenant ID for your tenant.

      • If you are setting up ADFS, this is the endpoint from the OpenID Connect section.

    • Authorization Endpoint: Automatically obtained from the Well-known Endpoint field value.

    • Token Endpoint: Automatically obtained from the Well-known Endpoint field value.

    • User Info Endpoint: (Azure only) Automatically obtained from the Well-known Endpoint field value.

    • Button Text: The text for the application button.

  8. Click Save.
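As an added example (not part of the ForgeRock documentation), the following Python reproduces what the tenant UI does with the Well-known Endpoint value: it checks the URL, including that the tenant placeholder was actually replaced, and derives the Authorization, Token and User Info endpoints from the discovery document. The placeholder list, the sample tenant ID and the sample discovery document are constructed assumptions.

```python
import json
from urllib.parse import urlparse
from urllib.request import urlopen

# Placeholders to replace with the tenant ID (assumed: the page's "organization" plus Microsoft's multi-tenant aliases).
PLACEHOLDERS = {"organization", "organizations", "common", "consumers"}
SUFFIX = "/.well-known/openid-configuration"

def check_well_known_url(url):
    """Return a list of problems with a Well-known Endpoint value (empty = OK)."""
    p, problems = urlparse(url), []
    if p.scheme != "https":
        problems.append("well-known URL must use https")
    if not p.path.endswith(SUFFIX):
        problems.append("path must end with " + SUFFIX)
    for seg in p.path.split("/"):
        if seg.lower() in PLACEHOLDERS:
            problems.append(f"placeholder '{seg}' not replaced with the tenant ID")
    return problems

def resolve_endpoints(well_known_url, discovery=None, adfs=False):
    """Derive the endpoint fields from the discovery document (User Info: Azure only).
    Pass `discovery` (a captured document) to stay offline; otherwise it is fetched."""
    problems = check_well_known_url(well_known_url)
    if problems:
        raise ValueError("; ".join(problems))
    if discovery is None:
        with urlopen(well_known_url, timeout=10) as resp:
            discovery = json.load(resp)
    issuer = discovery.get("issuer", "")
    # Metadata whose issuer lives on another host would send the tenant's logins
    # to a provider other than the one whose URL was entered, so reject it.
    if urlparse(issuer).netloc != urlparse(well_known_url).netloc:
        problems.append("issuer host does not match the well-known URL host")
    resolved = {"issuer": issuer}
    for key in ["authorization_endpoint", "token_endpoint"] + ([] if adfs else ["userinfo_endpoint"]):
        resolved[key] = value = discovery.get(key, "")
        if urlparse(value).scheme != "https":
            problems.append(key + " missing or not https")
    if problems:
        raise ValueError("; ".join(problems))
    return resolved

# Constructed sample (not a real tenant) so the example runs offline.
SAMPLE_BASE = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555"
SAMPLE_WELL_KNOWN = SAMPLE_BASE + "/v2.0" + SUFFIX
SAMPLE_DISCOVERY = {"issuer": SAMPLE_BASE + "/v2.0",
                    "authorization_endpoint": SAMPLE_BASE + "/oauth2/v2.0/authorize",
                    "token_endpoint": SAMPLE_BASE + "/oauth2/v2.0/token",
                    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo"}
```

Calling `resolve_endpoints(SAMPLE_WELL_KNOWN, SAMPLE_DISCOVERY)` returns the three endpoint values; a URL still containing `organization` is rejected before any fetch.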

Managing your client secrets

Create a new client secret

If you have set up Microsoft Azure or Microsoft ADFS as a federation provider, you must create and use a new client secret before the old one expires.

  1. In your provider, create a new client secret:

Update a client secret in the tenant UI

To perform the following steps, you must be a super administrator in a tenant where federation is enabled.

  1. In Identity Cloud, navigate to Tenant settings.

  2. Click Federation.

  3. On the Identity Provider Details page, add the new client secret to the Application Secret field.

  4. Click Save.

Store a client secret in ESVs

For security-related reasons, you may wish to store your federation provider secrets in ESVs. For details, refer to Use ESVs in federation providers.

Copyright © 2010-2023 ForgeRock, all rights reserved.