The following figure shows the Configure New Identity Provider area.

[Figure: Configure New Identity Provider page]

The following table describes the parameters on the Configure New Identity Provider page.

| Parameter | Description |
| --- | --- |
| Identity Provider Name | Specifies a unique name for your new identity provider. The application displays this name under Manage and Configure Identity Providers. |
| Client ID | Specifies a unique identifier that is provided by the identity provider. |
| Scopes (Optional) | Specifies the limitations of the application access of user accounts. A user's application access is limited to the features that are specified by the Scopes parameter. The features are displayed as a list where the items are separated by commas with no spaces. The external identity provider provides the scopes. Example: profile,email,openid,offline_access |
| Authentication Scheme | Specifies a unique identifier that is used by the system to identify the identity provider. Format: oidc-identityProviderName. Example: oidc-ad-hc, oidc-google-dev |
| Email Domain(s) (Optional) | Specifies a comma-separated list of email domains supported by this identity provider. Example: thermofisher.com, unitylabservices.com |
| Authorization URL | Specifies the IP address and port of the identity provider. This URL can be found on the identity provider’s website. Examples: Azure AD – https://login.microsoftonline.com/organizations/v2.0; Google – https://accounts.google.com/o/oauth2/v2/auth |
| Client Secret | Specifies a string that the application uses to prove its identity when it requests a token (also referred to as an application password). The string is provided by the identity provider. |
| Response Types | Specifies the response type provided by the identity provider. Values: code, token, id_token |
| Callback Path | Specifies the path that the application directs you to when you log in. It must be set up as an allowed callback or redirect URI on the identity provider. Format: /signin-oidc-identityProviderName. Example: /signin-oidc-google-dev |

NOTE When you register the path with the identity server, use this format: https://identity.ardia.thermofisher.com/signin-oidc-identityProviderName
Example: https://identity.ardia.thermofisher.com/signin-oidc-google-dev
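
The format rules in the table can be checked before an entry is saved. The following Python sketch is an added example, not part of the product or its documentation; the dictionary keys, the character set allowed in the provider name, and the separator accepted between several response types are assumptions, and the client ID and secret are placeholders.

```python
import re
from urllib.parse import urlsplit

IDENTITY_HOST = "https://identity.ardia.thermofisher.com"  # from the NOTE above
RESPONSE_TYPES = {"code", "token", "id_token"}  # values listed in the table
SCHEME_RE = re.compile(r"oidc-[A-Za-z0-9][A-Za-z0-9-]*")  # name charset is assumed

# Constructed sample entry; the dict keys are hypothetical names for the fields.
SAMPLE = {
    "authentication_scheme": "oidc-google-dev",
    "callback_path": "/signin-oidc-google-dev",
    "scopes": "profile,email,openid,offline_access",
    "authorization_url": "https://accounts.google.com/o/oauth2/v2/auth",
    "response_types": "code",
    "client_id": "example-client-id",          # placeholder
    "client_secret": "example-client-secret",  # placeholder
}


def validate_idp(cfg):
    """Return a list of problems found in one identity provider entry."""
    errors = []
    scheme = cfg.get("authentication_scheme", "")
    if not SCHEME_RE.fullmatch(scheme):
        errors.append("Authentication Scheme must be oidc-identityProviderName")
    # Callback Path is "/signin-" followed by the Authentication Scheme.
    if cfg.get("callback_path") != "/signin-" + scheme:
        errors.append("Callback Path must be /signin-" + scheme)
    # Scopes are optional, but when set: commas only, no spaces, no empty items.
    scopes = cfg.get("scopes", "")
    if scopes and (re.search(r"\s", scopes) or "" in scopes.split(",")):
        errors.append("Scopes must be comma-separated with no spaces")
    url = urlsplit(cfg.get("authorization_url", ""))
    if url.scheme != "https" or not url.netloc:
        errors.append("Authorization URL must be an absolute https URL")
    # Assumption: several response types may be separated by spaces or commas.
    types = [t for t in re.split(r"[,\s]+", cfg.get("response_types", "")) if t]
    if not types or not set(types) <= RESPONSE_TYPES:
        errors.append("Response Types must be code, token or id_token")
    for key in ("client_id", "client_secret"):
        if not cfg.get(key, "").strip():
            errors.append(key + " is required")
    return errors


def redirect_uri(cfg):
    """URI to register as an allowed callback at the identity provider."""
    return IDENTITY_HOST + cfg["callback_path"]
```

Register the value returned by redirect_uri() with the identity provider exactly as printed; a callback path that does not match the authentication scheme is reported by validate_idp() before that step.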