title: Adding Identity Issuer
draft: false
aliases:
  • /context/howtoaddanidentityissuer/
  • /context/admin/security/howtoaddanidentityissuer
tags:
  • security
  • Identity-issuers
  • clients

Overview

This section describes how to add a new Identity issuer to the MOPS 4.0 Application or the Excel Application.

An Identity issuer can be Entra ID or ADFS, and each is added both as an Identity issuer and as a Client.

The first step is to add the Identity issuer; the client is added afterwards.

Add the Identity issuer

Click on the cog wheel for the settings menu and select Security and then Identity issuers.

Security Menu

Click on the (+) button at the bottom and a side panel will show. Fill in the information the form asks for; in this example Entra ID has been used (with the tenant id omitted).

The Form

Name

This field is the name chosen for the Identity issuer and will be used later when configuring the Identity issuer for the client.

Issuer URL

This is the issuer's URL, used to get the access token that the application uses.

Location (Management URL)*

This is used for storing the URL of the administration page of the Identity issuer.

Documentation*

This is used for storing the URL of the documentation of the Identity issuer.

Login Placement

This sets where on the login screen the Identity issuer is shown: at the top (Primary) or at the bottom (Secondary).

Order Index

The order placement of the Identity issuer in the selected placement.

*Optional

When filling out the form it should look something like the following image.

Security Menu

When the configuration is done, click save.

The next step is to add a client for the Identity issuer.

Add the Client

Click on the cog wheel for the settings menu and select Security and then Clients.

Security Menu

Click on the (+) button at the bottom and a side panel will show. Fill in the information the form asks for; in this example Entra ID has been used (with the app id omitted).

The Form

OpenID Connect Client Id

This is the client or app id that is given by the Identity issuer.

Application

Select MOPS40, as this is the main application used for logging into the MOPS 4.0 web application. If this configuration is for another application, such as Excel, select that one instead.

Issuer

Select the issuer recently created, in this case Entra ID.

Display Name

This will be the name presented on the login page. It is good practice to use a name that tells the user which client and Identity issuer is used.

Account

This is only needed for background services. Leave unselected if you are setting up for the Web or Excel Application.

Response Type

MOPS 4.0 supports multiple response types; for the MOPS 4.0 web application it should always be code.

For background services, it should be set to None.

Scope

The scopes selected to gain access to resources from the Identity issuer. For the MOPS 4.0 web application it is required to set “openid profile email”. For Entra ID, “offline_access” and “api” are needed as well.

For background services, only “openid” is required.

Load User Information

This field should in most cases be set to No.

When filling out the form it should look something like the following image.

Security Menu

When the configuration is done, click save.

Backend Configuration

Go to the MOPS 4.0 Native Service Configuration file, find the section under security -> issuers, and add the issuer URL as configured on the Identity issuer screen in the first step.
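
A check of the values described above before they go live, as an added example that is not part of the MOPS 4.0 product or its documentation: it applies the scope, response type and Account rules from the client form and confirms that the issuer URL appears verbatim under security -> issuers. The dictionary keys, the `entra_id` flag and the list-of-strings input are assumptions, because the configuration file's format is not shown on this page.

```python
# Added example: the keys of `client` and all sample values are constructed.
# The security -> issuers entries are passed in as a plain list of strings
# because the layout of the Native Service Configuration file is not shown here.
from urllib.parse import urlsplit

WEB_SCOPES = {"openid", "profile", "email"}
ENTRA_EXTRA = {"offline_access", "api"}


def _norm(url):
    """Loose form used only to spot near-misses (case, trailing slash)."""
    return url.strip().rstrip("/").lower()


def check_setup(client, issuer_url, backend_issuers, entra_id=False):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    background = client["kind"] == "background"  # anything else: web application
    scopes = set(client["scope"].split())

    required = {"openid"} if background else WEB_SCOPES | (ENTRA_EXTRA if entra_id else set())
    if required - scopes:
        findings.append("missing scope(s): " + " ".join(sorted(required - scopes)))
    if background and scopes - required:
        findings.append("scope(s) not required for a background service: "
                        + " ".join(sorted(scopes - required)))

    expected = "None" if background else "code"
    if client["response_type"] != expected:
        findings.append(f"response type should be {expected}")
    if background and not client.get("account"):
        findings.append("background service has no Account selected")
    if not background and client.get("account"):
        findings.append("Account should be left unselected")

    # OpenID Connect issuer identifiers are case-sensitive https URLs.
    if urlsplit(issuer_url).scheme != "https":
        findings.append("issuer URL is not https")
    # Exact comparison is a choice made here; how MOPS 4.0 compares issuers
    # is not stated on the page.
    if issuer_url not in backend_issuers:
        near = [b for b in backend_issuers if _norm(b) == _norm(issuer_url)]
        if near:
            findings.append(f"backend lists {near[0]!r}, not identical to {issuer_url!r}")
        else:
            findings.append("issuer URL is missing from security -> issuers")
    return findings
```
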

Summary

The next time a user logs in to the application, the client should be shown on the login page.