Tenant configuration
Tenant properties
The following properties must be configured to connect the tenant with an external identity provider.
The `tenantId` is a unique identifier for the Unit4 customer organization. A GUID is automatically assigned as the `tenantId` when you create a tenant in IDS Portal. The same value must be used across all services that the organization uses.
Parameter name | Parameter type | Description |
---|---|---|
TenantId | string | Unique identifier of the tenant (Unit4 customer organization). Required |
TenantName | string | A short, friendly name for various user interfaces |
Description | string | Description of the tenant (Unit4 customer organization). |
CompanyName | string | Name of the organization that this tenant is representing (Users can search tenants by "company name" at partial login screen). |
Domains | List<string> | List of the domain names related to the organization that this tenant is representing (Users can search tenants by "domain names" at partial login screen). |
UserId | string | Used internally for auditing. |
UserName | string | Used internally for auditing. |
Idps
A tenant must have at least one Identity Provider configured. If more than one is configured and the client does not indicate (in `acr_values`) which of them should be used for authentication, an IdP selection screen is presented.
Parameter name | Parameter type | Description |
---|---|---|
IdpName | string | Unique identifier of the IdP. |
Description | string | Description of the IdP. |
Authority | string | URI address of the IdP authority |
Protocol | string | Name of the protocol. Valid values: "openidconnect", "saml2", "ws-federation" |
IdpRegId | string | The "client id" registered at the external Identity Provider for the Unit4 Identity Server. |
IdpSecret | string | The "client secret" or "key" registered at the external Identity Provider for the Unit4 Identity Server. This property is only used for the OpenID Connect protocol, when getting a new refresh token from the external Identity Provider. |
NameClaimType | string | The claim provided by the external Identity Provider that should be mapped to the name claim returned by U4IDS. |
Unit4IdClaimType | List<string> | The claim provided by the external Identity Provider that should map to the unit4_id. |
IncludeIdentityScopesInConsent | bool | Show identity scopes on the consent screen. If the authority gives consent, this can be turned off. Default is true. |
IsTemporary | bool | Temporary Identity Provider functionality manages the lifecycle of temporary IdPs automatically. |
Priority number | bool | Replaces the default Identity Provider with the Identity Provider whose priority number the user selected. |
OpenIDConnectOptions | object | For the openidconnect protocol, you can override the default authentication flow with the IdP. |
OpenIDConnectOptions
Parameter name | Parameter type | Description |
---|---|---|
ResponseType | string | Allowed values are: `code id_token`, `code id_token`, `code`, `id_token`. Default value is `code id_token`. |
Scope | string | Set this to override the default scope. Default value is `openid profile email offline_access`. |
EndSessionEndpoint | string | Overrides the default EndSessionEndpoint when the IdP (Google, for example) has no endpoint to end the user session. |
AcrValues | string | Requested Authentication Context Class Reference values. Space-separated string that specifies the acr values the Authorization Server is requested to use when processing this Authentication Request. |
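An added example (not Unit4's code) that checks a tenant document against the constraints stated in the tables above: a required `TenantId`, at least one IdP with a valid `Protocol`, `IdpSecret` and `OpenIDConnectOptions` only on openidconnect IdPs, and an allowed `ResponseType`, with the documented defaults applied. The JSON-like dictionary shape and the sample tenant are assumptions constructed for the example.

```python
# Added example: validate a tenant configuration against the documented rules.
# The dictionary shape is assumed; property names, valid values and defaults
# are taken from the reference tables.
VALID_PROTOCOLS = {"openidconnect", "saml2", "ws-federation"}
VALID_RESPONSE_TYPES = {"code id_token", "code", "id_token"}
DEFAULT_OIDC_OPTIONS = {
    "ResponseType": "code id_token",
    "Scope": "openid profile email offline_access",
}

def validate_tenant(tenant: dict) -> list:
    """Return a list of problems; an empty list means the tenant is consistent."""
    problems = []
    if not tenant.get("TenantId"):
        problems.append("TenantId is required")
    idps = tenant.get("Idps") or []
    if not idps:
        problems.append("at least one Identity Provider must be configured")
    names = [idp.get("IdpName") for idp in idps]
    if len(names) != len(set(names)):
        problems.append("IdpName must be unique within the tenant")
    for idp in idps:
        name = idp.get("IdpName", "<unnamed>")
        proto = idp.get("Protocol")
        if proto not in VALID_PROTOCOLS:
            problems.append(f"{name}: Protocol {proto!r} is not one of {sorted(VALID_PROTOCOLS)}")
        # IdpSecret and OpenIDConnectOptions are only meaningful for openidconnect
        if idp.get("IdpSecret") and proto != "openidconnect":
            problems.append(f"{name}: IdpSecret is only used for the openidconnect protocol")
        if "OpenIDConnectOptions" in idp and proto != "openidconnect":
            problems.append(f"{name}: OpenIDConnectOptions only apply to openidconnect")
        rt = effective_oidc_options(idp)["ResponseType"]
        if proto == "openidconnect" and rt not in VALID_RESPONSE_TYPES:
            problems.append(f"{name}: ResponseType {rt!r} is not an allowed value")
    return problems

def effective_oidc_options(idp: dict) -> dict:
    """Merge the documented defaults with any overrides set in OpenIDConnectOptions."""
    return {**DEFAULT_OIDC_OPTIONS, **(idp.get("OpenIDConnectOptions") or {})}

# Constructed sample tenant (placeholder values, not a real organization)
SAMPLE_TENANT = {
    "TenantId": "00000000-0000-0000-0000-000000000000",
    "TenantName": "Example",
    "Idps": [
        {"IdpName": "corp-oidc", "Protocol": "openidconnect", "Authority": "https://idp.example/",
         "IdpRegId": "u4ids-client", "IdpSecret": "placeholder-secret",
         "OpenIDConnectOptions": {"Scope": "openid profile email"}},
        {"IdpName": "corp-saml", "Protocol": "saml2", "Authority": "https://saml.example/"},
    ],
}
```

Because the sample has two IdPs, a client that does not pass `acr_values` would see the IdP selection screen described above.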