Configure OpenID Connect for a SaaS application
Learn to configure OpenID Connect parameters for a custom SaaS application.
You can add a SaaS application that uses the OpenID Connect protocol. This allows EAA to act as the OpenID provider, that is, the identity provider that authenticates the user to the SaaS application.
When you configure this application in EAA, you need a redirect URI from the application (relying party). The redirect URI is where authentication responses are sent to and received by the application. The application may also call this the redirect URL or the callback URL.
- Discovery URL. This URL is automatically generated and based on the hostname of your identity provider. This page contains all the OpenID configuration endpoints and is formatted with the following URL: https://<idp-hostname>/.well-known/openid-configuration, where <idp-hostname> is the hostname of the Akamai identity provider. You provide this URL in the application to allow the app to discover the endpoints of your configuration.
  If the application does not discover this URL automatically, you can download the metadata JSON file with the necessary endpoints and upload this file into the application. If an upload option is not available for this metadata, you must configure the application with the individual elements that are defined in the metadata JSON file.
- Client ID. Unique ID generated for the application.
- Client Secret. The secret that is used along with the client ID for authentication. In the authentication flow, two client secrets (the new and previous key) are available for use to support client secret rotation.
- Claims. Claims define the information that is required to identify and authenticate the user.
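
When the endpoints have to be copied by hand from the metadata JSON file described under Discovery URL, it helps to check the file before pasting values into the application. The following is an added example, not Akamai's code: the hostname idp.example.com and the sample metadata are constructed, the function names are hypothetical, and the check that every endpoint lives on the identity provider's hostname is an assumption to adjust for your deployment.

```python
import json
from urllib.parse import urlsplit

# Metadata fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

# Constructed sample metadata for a hypothetical IdP hostname.
SAMPLE = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oidc/authorize",
    "token_endpoint": "https://idp.example.com/oidc/token",
    "jwks_uri": "https://idp.example.com/oidc/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

def discovery_url(idp_hostname):
    """Build the discovery URL in the format given on this page."""
    return f"https://{idp_hostname}/.well-known/openid-configuration"

def check_metadata(raw_json, idp_hostname):
    """Return (endpoints, problems) for a downloaded metadata JSON file."""
    meta = json.loads(raw_json)
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in meta]
    # Per the Discovery spec, the issuer is the URL prefix the document is served under.
    expected = f"https://{idp_hostname}"
    issuer = str(meta.get("issuer", ""))
    if issuer.rstrip("/") != expected:
        problems.append(f"issuer {issuer!r} does not match {expected!r}")
    # The individual elements to enter by hand when no upload option exists.
    endpoints = {k: v for k, v in meta.items()
                 if isinstance(v, str) and (k.endswith("_endpoint") or k == "jwks_uri")}
    for name, url in endpoints.items():
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{name} is not https: {url}")
        # Assumption: all endpoints are served from the IdP hostname.
        if parts.hostname != idp_hostname.lower():
            problems.append(f"{name} is on unexpected host: {parts.hostname}")
    if "none" in meta.get("id_token_signing_alg_values_supported", []):
        problems.append("unsigned ID tokens (alg 'none') are advertised")
    return endpoints, problems

if __name__ == "__main__":
    print(discovery_url("idp.example.com"))
    print(check_metadata(SAMPLE, "idp.example.com"))
```

An empty problems list means the endpoints dictionary can be transcribed into the application as is; any entry in the list is a reason to download the metadata again or confirm the value with the identity provider administrator.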