Configure a third party ID token

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 4 minutes
  • Configure a third-party ID token to enable secure authentication by verifying user identities through an external identity provider (IdP). The third-party ID token improves security by reducing stored credentials, provides seamless authentication, and supports interoperability with industry standards like OpenID Connect (OIDC).

    Before you begin

    Role required: oauth_admin, mi_admin, admin

    Procedure

    1. Navigate to Machine Identity Console > > Inbound integrations > New integration > Third party ID token.
    2. Update the text fields in the Details form with the appropriate information.
      Table 1. Details form
      Field: Description
      Name: The name provided by the resource owner (user) during authentication.
      Provider name: Enter the name of the service provider you want to integrate with. Example: Microsoft, Google, Zoom, SAP, etc.
        Note: Provider name is a mandatory field.
      Client ID: The unique ID assigned to identify the application.
      Client secret: The secret key that only the application and the authorization server can identify. The application uses this key to authenticate and obtain access tokens.

      Enforcing token restriction applies limitations on how an OAuth access token can be used, enhancing security by verifying tokens are valid only under specific conditions. Enable the Enforce token restriction check box to limit OAuth access tokens to specific APIs defined in the API access policy. If Enforce token restriction is turned off, the token can be used across other REST APIs.

    3. Update the text fields in the Auth scope (optional) form with the appropriate information. The authentication scope defines the level of access an application has to a resource. Select the authentication scope for the specific REST APIs you want to access.
      Table 2. Auth scope form
      Field: Description
      Auth scope: The level of access an application has to a resource. The authentication scope restricts the actions that an access token can perform on APIs or data.
      Limit authorization: The names of the APIs for which you want to restrict authorization.
      Allow access only to APIs in selected scope: Enable the option for the integration to only access APIs that are explicitly listed in the selected scopes.
      1. Select Create new auth scope to add a new auth scope.
    4. Update the text fields in the Advanced options (optional) form with the appropriate information.
      Table 3. Advanced options form
      Field: Description
      Access token lifespan: The duration (in seconds) for which the OAuth access token remains valid before it expires.
        Note: The default value is 1800 seconds.
      Refresh token lifespan: The duration (in seconds) for which the OAuth refresh token remains valid before it expires.
        Note: The default value is 8,640,000 seconds.
    5. Select Save.
      A new third-party ID token is created.
    6. Go to All > Inbound integrations > Application Registries to view the newly created third party ID token.