OIDC Provider Setup

This topic describes how to set up and pair two common identity providers with the OIDC configuration in Workbench. Each process switches between the identity provider and the Workbench interface at times, and requires a previously configured account with the identity provider.

  1. Sign into the Azure Portal.

  2. Click Microsoft Entra ID in the Azure services list.

  3. On the sidebar, under Manage, click App registrations.

    Microsoft Entra ID overview page

  4. Click + New Registration and define the new app:

    1. Enter a name in the Name box.

    2. On the Supported account types list, select the account type.

    3. Enter the following values in the Redirect URI section:

      • TypePublic client/native (mobile & desktop)

      • URLhttp://127.0.0.1/oauth2reply/oidc

    4. Click Register.

      The new app registration is created and you are redirected to the home page of the app registration.

      Microsoft Entra ID register an application page

  5. On the sidebar, under Manage, click Authentication.

    The Platform Configurations page opens.

  6. Click + Add a Platform.

    The Configure Platforms window opens.

    Microsoft Entra ID configure platforms screen

  7. Click Single-page application.

    The Configure single-page application window opens.

  8. Enter a redirect URI following this pattern: https://HOSTNAME/DIVEPORTNAME/ . For example, https://diver.example.com/diveport/. The trailing slash is required.

    Microsoft Entra ID configure single-page application screen

  9. Click Configure.

    NOTE: If you have additional web applications, click Add URI in the Single-page Application section and follow the same URI pattern for each additional web application.

  10. In the Mobile and desktop applications section, click Add URI three times.

  11. Enter the following values in the new URI boxes:

    • http://127.0.0.1/oauth2reply/oidc

    • com.dimins.gateway://oauth2reply/oidc

    • com.dimins.dimobile://oauth2reply/oidc

    Microsoft Entra ID authentication page

  12. Click Save.

  13. On the main Directory page, under the Manage section of the side bar, click Enterprise Applications.

    The All applications page opens.

  14. Select your new application from the list of applications.

    The Overview page opens.

  15. On the sidebar, under Security,click Permissions.

  16. Click Grant admin consent.

    Microsoft Entra ID grant admin consent

    Your Microsoft Entra ID identity provider is now set up. The following steps cover how to add your application information to DiveLine. It is recommended to open a Notes app to store values that you will copy from Microsoft Entra ID to Workbench.

  17. On the sidebar, click Overview.

  18. Click the copy icon to the right of the Application (client) ID string.

    The client ID is saved to your clipboard.

  19. Either paste this value in DiveLine (step 28) or paste it in your Notes app.

  20. Click Endpoints.

    The Endpoints screen opens.

    Microsoft Entra ID application client ID and endpoints view

  21. Copy the portion of the OpenID Connect metadata document URL from https through /v2.0. For example, https://login.microsoftonline.com/[Directory ID]/v2.0.

  22. Either paste this value in DiveLine (step 29) or paste it in your Notes app.

  23. In Workbench, open a connection with the DiveLine in which you are configuring OIDC.

  24. Click Tools > Server Settings.

  25. Expand the OpenID Connect Settings chevron.

  26. Click Edit OIDC Identity Providers.

    The Edit OIDC Providers window opens.

  27. Click the plus icon .

    A new Identity Provider row is created.

  28. Paste Application (client) ID in the Client ID column in the new row.

  29. Paste the portion of the OpenID Connect metadata document URL in the Issuer column in the new row.

  30. Click OK.

  1. Go to Google Cloud.

  2. Click Select a project in the upper left banner.

    If no project exists, click New Project to create a project.

  3. On the sidebar, under APIs & Services,click Credentials.

    The Credentials page opens.

  4. Click Create Credentials.

  5. Click OAuth client id.

  6. On the Application type list, select Web application.

  7. On the Authorized redirect URIs section, click + Add URI for each of the following values that you want to redirect to:

    • http://127.0.0.1/oauth2reply/oidc

    • com.dimins.dimobile://oauth2reply/oidc

    • com.dimins.gateway://oauth2reply/oidc

    • com.dimins.programadvisor://oauth2reply/oidc if using Program Advisor

    NOTE: For all other web applications, follow the pattern of https://[Host Name]/[DivePort Name]/. For example: https://diver.example.com/diveport/. The trailing slash is required.

  8. Click Create.

    Your web application is created.

  9. Click the name of your web application on the OAuth 2.0 Client IDs list.

    Your application window opens, with client information on the right side. Keep this window open, or copy the information on this window to a Notes application, as you will use this information to configure Workbench OIDC.

  10. In Workbench, open a connection with the DiveLine in which you are configuring OIDC.

  11. Click Tools > Server Settings.

  12. Expand the OpenID Connect Settings chevron.

  13. Click Edit OIDC Identity Providers.

    The Edit OIDC Providers window opens.

  14. Click the plus icon .

    A new Identity Provider row is created.

  15. In the Issuer field, enter https://accounts.GOOGLE.com.

  16. On the Google Cloud application window that you opened in step 9, copy the Client ID and paste the value in the Client ID box.

  17. On the Edit OIDC Providers window, click Advanced.

    The OIDC Advanced Options window opens.

  18. On the Google Cloud application window that you opened in step 9, copy the Client Secret and paste the value in the Client secret box.

Mentioned in: