Identity Provider (IdP) Management
IdP settings can be configured from more than one location in Control Center:
- In Standard Mode: Control Center Settings: Custom Branding (MVP) for HYPR Affirm
- In Advanced Mode: Global Settings: IdP Settings for the entire server (the controlCenterAdmin app)
- In Advanced Mode: Advanced Config: IdP Management for the Application selected under Choose an App
The configuration for each is identical.
The controlCenterAdmin application OIDC entry will also appear in Advanced Mode: Global Settings: IdP Settings; changing or deleting the entry in either location will globally affect it.
OIDC IdP settings calls can be found here in the HYPR Passwordless API.
Connect HYPR to an IdP using Open ID Connect (OIDC) endpoints.
If you are using the HYPR API to update the OIDC/IdP settings, the API calls will function for both global OIDC/IdP settings (using an Access Token for the controlCenterAdmin application) and RP application-specific OIDC/IdP settings (using an app-specific Access Token).
Set the required authorization URLs to the appropriate endpoints as shown in the table below. In each case, the base URL path is as follows:
https://<yourIdPDomain>/oauth2/default
| Parameter | Setting |
|---|---|
| OAuth URL | https://<yourIdPDomain>/oauth2/default/v1/authorize |
| Token URL | https://<yourIdPDomain>/oauth2/default/v1/token |
| UserInfo URL | https://<yourIdPDomain>/oauth2/default/v1/userinfo |
| JWKS URL | https://<yourIdPDomain>/oauth2/default/v1/keys |
| Logout URL | https://<yourIdPDomain>/oauth2/default/v1/logout |
| Client ID | Use the client ID assigned when you added the application to your IdP |
| Client Secret | Use the client secret assigned when you added the application to your IdP |
| HYPR URL | The relying party URL for your HYPR instance |
| User name claim attribute | preferred_username | email |
When you are finished, click Save Config. HYPR will now use your IdP for Control Center authentication.