OIDC Provider Setup

This topic describes how to set up and pair two common identity providers with the OIDC configuration in Workbench. Each process switches between the identity provider and the Workbench interface at times, and requires a previously configured account with the identity provider.

  1. Sign into the Azure Portal.

  2. Click the menu icon to open the Azure Services sidebar.

  3. Click Azure Active Directory.

  4. On the sidebar, under Manage, click App registrations.

  5. Click + New Registration and define the new app:

    1. Enter a name in the Name box.

    2. On the Supported account types list, select the account type.

    3. Enter the following values in the Redirect URI section:

      • TypePublic client/native (mobile & desktop)

      • URLhttp://127.0.0.1/oauth2reply/oidc

    4. Click Register.

      The new app registration is created and you are redirected to the home page of the app registration.

  6. In Workbench, open a connection with the DiveLine in which you are configuring OIDC.

  7. Click Tools > Server Settings.

  8. Expand the OpenID Connect Settings chevron.

  9. Click Edit OIDC Identity Providers.

    The Edit OIDC Providers window opens.

  10. Click the plus icon .

    A new Identity Provider row is created.

  11. Copy the Application (client id) from the Azure app registration and paste it in the Client ID column in the new row.

  12. Click Endpoints.

    The Endpoints panel opens.

  13. Copy the portion of the OpenID Connect metadata document URL from https through /v.20. For example, https://login.microsoftonline.com/[Directory ID]/v2.0.

  14. On the sidebar, under Manage, click Authentication.

    The Platform Configurations page opens.

  15. Click + Add a Platform.

    The Configure Platforms window opens.

  16. Click Single-page application.

    The Configure single-page application window opens.

  17. Enter a redirect URI following this pattern: https://HOSTNAME/DIVEPORTNAME/ . For example, https://diver.example.com/diveport/. The trailing slash is required.

  18. Click Configure.

    NOTE: If you have additional web applications, click Add URI in the Single-page Application section and follow the same URI pattern for each additional web application.

  19. In the Mobile and desktop applications section, click Add URI three times.

  20. Enter the following values in the new URI boxes:

    • http://127.0.0.1/oauth2reply/oidc

    • com.dimins.gateway://oauth2reply/oidc

    • com.dimins.dimobile://oauth2reply/oidc

  21. Click Save.

  22. On the main Directory page, under the Manage section of the side bar, click Enterprise Applications.

    The All applications page opens.

  23. Select your new application from the list of applications.

    The Overview page opens.

  24. On the sidebar, under Security,click Permissions.

  25. Click Grant admin consent.

  1. Go to Google Cloud.

  2. Click Select a project in the upper left banner.

    If no project exists, click New Project to create a project.

  3. On the sidebar, under APIs & Services,click Credentials.

    The Credentials page opens.

  4. Click Create Credentials.

  5. Click OAuth client id.

  6. On the Application type list, select Web application.

  7. On the Authorized redirect URIs section, click + Add URI for each of the following values that you want to redirect to:

    • http://127.0.0.1/oauth2reply/oidc

    • com.dimins.dimobile://oauth2reply/oidc

    • com.dimins.gateway://oauth2reply/oidc

    • com.dimins.programadvisor://oauth2reply/oidc if using Program Advisor

    NOTE: For all other web applications, follow the pattern of https://[Host Name]/[DivePort Name]/. For example: https://diver.example.com/diveport/. The trailing slash is required.

  8. Click Create.

    Your web application is created.

  9. Click the name of your web application on the OAuth 2.0 Client IDs list.

    Your application window opens, with client information on the right side. You will use this information to configure Workbench OIDC.

  10. In Workbench, open a connection with the DiveLine in which you are configuring OIDC.

  11. Click Tools > Server Settings.

  12. Expand the OpenID Connect Settings chevron.

  13. Click Edit OIDC Identity Providers.

    The Edit OIDC Providers window opens.

  14. Click the plus icon .

    A new Identity Provider row is created.

  15. In the Issuer field, enter https://accounts.GOOGLE.com.

  16. On the Google Cloud application window that you opened in step 9, copy the Client ID and paste the value in the Client ID box.

  17. On the Edit OIDC Providers window, click Advanced.

    The OIDC Advanced Options window opens.

  18. On the Google Cloud application window that you opened in step 9, copy the Client Secret and paste the value in the Client secret box.