Enable federation for your tenant
After you set up a federation provider, you can allow Identity Cloud to use the provider to federate administrators.
To perform the following steps, you must be a super administrator in a tenant where federation is enabled.
1. In Identity Cloud, navigate to Tenant settings.
2. Click Federation.
3. Click + Identity Provider.
4. Select the federation provider to use:
   - Microsoft Azure
   - ADFS
5. Click Next.
6. Follow the steps on the Configure Application page and click Next.
7. On the Identity Provider Details page, complete the following fields:
   - Name: The name of the provider.
   - Application ID: The ID for the application.
   - Application Secret: The client secret for the application.
   - Well-known Endpoint:
     - If you are setting up Azure, this is the URL from the OpenID Connect metadata document field. In the URL, make sure to replace the organization segment with the actual tenant ID for your tenant.
     - If you are setting up ADFS, this is the endpoint from the OpenID Connect section.
   - Authorization Endpoint: Automatically obtained from the Well-known Endpoint field value.
   - Token Endpoint: Automatically obtained from the Well-known Endpoint field value.
   - User Info Endpoint: (Azure only) Automatically obtained from the Well-known Endpoint field value.
   - Button Text: The text for the application button.
8. Click Save.
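The Authorization, Token and User Info endpoint fields are filled in from the OpenID Connect discovery document served at the Well-known Endpoint, which is why a well-known URL that still carries the organization placeholder will not resolve correctly. The following Python script is an added example, not part of the Identity Cloud documentation or product: it replaces the placeholder segment with a tenant ID, refuses a URL where the placeholder was left in, and derives the three endpoint values from a discovery document with a few sanity checks (required keys present, issuer host matches the well-known host, every endpoint is https). The hosts, tenant ID and discovery document it uses are constructed sample values; `fetch_discovery` performs a live download and is not used by the offline demo.

```python
"""Resolve an OIDC well-known URL and derive the endpoint fields from it.

Added example, not code from the Identity Cloud docs. All hosts, the tenant
ID and the discovery document below are constructed sample values.
"""
import json
from urllib.parse import urlparse
from urllib.request import urlopen

# Path segment the docs say to replace with the real tenant ID (Azure only).
PLACEHOLDER = "organization"

# Constructed sample values; example.test is a reserved, non-routable domain.
SAMPLE_TENANT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_WELL_KNOWN = (
    "https://login.example.test/organization/v2.0/.well-known/openid-configuration"
)
SAMPLE_DISCOVERY = json.dumps({
    "issuer": f"https://login.example.test/{SAMPLE_TENANT_ID}/v2.0",
    "authorization_endpoint": f"https://login.example.test/{SAMPLE_TENANT_ID}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.example.test/{SAMPLE_TENANT_ID}/oauth2/v2.0/token",
    "userinfo_endpoint": "https://graph.example.test/oidc/userinfo",
    "jwks_uri": f"https://login.example.test/{SAMPLE_TENANT_ID}/discovery/v2.0/keys",
})


def resolve_well_known(url: str, tenant_id: str) -> str:
    """Swap the 'organization' path segment for the real tenant ID.

    Raises ValueError when the URL has no such segment, so an already edited
    URL (or an ADFS URL, which has none) is never silently rewritten.
    """
    parts = urlparse(url)
    segments = parts.path.split("/")
    if PLACEHOLDER not in segments:
        raise ValueError(f"no '{PLACEHOLDER}' segment in {url}")
    new_path = "/".join(tenant_id if s == PLACEHOLDER else s for s in segments)
    return parts._replace(path=new_path).geturl()


def fetch_discovery(well_known_url: str, timeout: float = 10.0) -> str:
    """Download the discovery document (live call; not used by the offline demo)."""
    with urlopen(well_known_url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def endpoints_from_discovery(doc_json: str, well_known_url: str, require_userinfo: bool) -> dict:
    """Derive the Authorization/Token/User Info endpoint values from the document.

    require_userinfo=True mirrors the Azure case, where the User Info Endpoint
    field is also filled from the well-known document.
    """
    well_known = urlparse(well_known_url)
    if PLACEHOLDER in well_known.path.split("/"):
        raise ValueError("well-known URL still contains the placeholder; replace it with the tenant ID")
    doc = json.loads(doc_json)

    wanted = ["issuer", "authorization_endpoint", "token_endpoint"]
    if require_userinfo:
        wanted.append("userinfo_endpoint")
    missing = [k for k in wanted if k not in doc]
    if missing:
        raise ValueError(f"discovery document lacks {missing}")

    # Sanity check: the issuer should be served by the same host as the
    # well-known document we fetched it from.
    issuer = urlparse(doc["issuer"])
    if issuer.netloc != well_known.netloc:
        raise ValueError(f"issuer host {issuer.netloc!r} differs from well-known host {well_known.netloc!r}")

    result = {}
    for key in wanted[1:]:
        url = doc[key]
        if urlparse(url).scheme != "https":
            raise ValueError(f"{key} is not https: {url}")
        result[key] = url
    return result


if __name__ == "__main__":
    resolved = resolve_well_known(SAMPLE_WELL_KNOWN, SAMPLE_TENANT_ID)
    for name, value in endpoints_from_discovery(SAMPLE_DISCOVERY, resolved, True).items():
        print(f"{name}: {value}")
```

For a real tenant you would pass the output of `fetch_discovery(resolved)` instead of the constructed document; the values it returns are what you should expect to see populated in the Authorization Endpoint, Token Endpoint and (for Azure) User Info Endpoint fields after saving the Well-known Endpoint.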
Managing your client secrets
Create a new client secret
If you have set up Microsoft Azure or Microsoft ADFS as a federation provider, you must create and use a new client secret before the old one expires.
1. In your provider, create a new client secret:
   - Microsoft Azure: Check and update client secret expiration date.
   - Microsoft ADFS: See step 5 in Create an application group.
Update a client secret in the tenant UI
To perform the following steps, you must be a super administrator in a tenant where federation is enabled.
1. In Identity Cloud, navigate to Tenant settings.
2. Click Federation.
3. On the Identity Provider Details page, add the new client secret to the Application Secret field.
4. Click Save.
Store a client secret in ESVs
For security reasons, you may wish to store your federation provider secrets in ESVs. For details, refer to Use ESVs in federation providers.