Configure Identity Providers for OIDC

Ivanti has no control over third-party software or content and is not responsible for the availability, security, or operation, of any third-party software. If you encounter issues while setting up your integration, please contact Ivanti Support.

OpenID Connect (OIDC) is an identity layer on top of the OAuth 2.0 framework. It lets a third-party application verify the identity of an end user and lets that user access resources and services hosted by different providers. OIDC returns the identity information as a JSON Web Token (JWT), the ID token, which contains basic user claims such as the username and email address.

This method does not use SAML (Security Assertion Markup Language).

After you configure an identity provider, see Configuring Application Control for SSO Authentication with ServiceNow.

You can use any OIDC identity provider. The menu names in the steps below are one provider's; other providers expose the same settings under different names.

User details, particularly the identifying email address, must be consistent across the identity provider and ServiceNow.

To Configure an Identity Provider for ServiceNow:

  1. Sign in to the third-party identity provider.

  2. Select Applications > Create App Integration.

  3. Select OIDC – OpenID Connect and Native Application.

  4. Enter a name, enable Refresh Token, and click Save.

  5. Select Edit, then select Client Secret and Require PKCE.
  6. Save your settings.

  7. Select Edit and add the following Sign-In Redirect URI:

    http://localhost:61063/ApplicationControl/Browser-Callback/

    The trailing slash on the URI is mandatory. Port 61063 is normally unused; if something on the machine already listens on it, substitute a different free port and register the URI with that port in the identity provider, because the redirect URI must match exactly.

  8. Find and make note of the authorization and token endpoint URLs from the provider's OpenID discovery document:

    https://CompanyInstance.com/.well-known/openid-configuration

Managing Tokens with a Third-Party Identity Provider

The refresh token and sign-in name are encrypted and stored under %programdata%. The lifespan of the refresh token, and the ability to revoke it, are managed in the third-party identity provider.
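The following is an added illustration, not Ivanti's code, of what the native application registered in the steps above does at the protocol level: read the discovery document from step 8, check the loopback redirect URI from step 7 (trailing slash included), generate a PKCE verifier and S256 challenge, build the authorization request, validate the callback, and then build the authorization-code, refresh and revocation requests that the token-management section refers to. The discovery document is a constructed sample; the endpoint paths under CompanyInstance.com, the client ID, the client secret and the `offline_access` scope (the usual way to request a refresh token, but provider-specific) are assumptions. The functions return the URLs and form bodies rather than sending them, so the example runs offline.

```python
"""Added example (not Ivanti's code): OIDC authorization-code + PKCE flow for a
native app using a loopback redirect, as configured in the steps above."""
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Redirect URI from step 7. The trailing slash is mandatory.
REDIRECT_URI = "http://localhost:61063/ApplicationControl/Browser-Callback/"

# Constructed sample of a discovery document. A real one is fetched from
# https://<issuer>/.well-known/openid-configuration (step 8); the endpoint
# paths below are assumptions, not a specific provider's.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://CompanyInstance.com",
    "authorization_endpoint": "https://CompanyInstance.com/oauth2/v1/authorize",
    "token_endpoint": "https://CompanyInstance.com/oauth2/v1/token",
    "revocation_endpoint": "https://CompanyInstance.com/oauth2/v1/revoke",
    "code_challenge_methods_supported": ["S256"],
})


def parse_discovery(doc: str) -> dict:
    """Extract the endpoints the client needs; refuse providers without S256 PKCE."""
    d = json.loads(doc)
    for key in ("issuer", "authorization_endpoint", "token_endpoint"):
        if key not in d:
            raise ValueError(f"discovery document missing {key}")
    if "S256" not in d.get("code_challenge_methods_supported", []):
        raise ValueError("provider does not advertise S256 PKCE")
    return d


def check_redirect_uri(uri: str) -> bool:
    """Loopback http URI with an explicit port and the mandatory trailing slash."""
    p = urlparse(uri)
    return (p.scheme == "http" and p.hostname == "localhost"
            and p.port is not None and p.path.endswith("/") and not p.query)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier() -> str:
    """RFC 7636 code_verifier: 32 random bytes -> 43 unpadded base64url chars."""
    return _b64url(secrets.token_bytes(32))


def challenge_for(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(code_verifier))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(disc: dict, client_id: str, state: str, verifier: str) -> str:
    """Authorization request the app opens in the browser (Require PKCE = S256)."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email offline_access",  # offline_access: assumed scope for a refresh token
        "state": state,
        "code_challenge": challenge_for(verifier),
        "code_challenge_method": "S256",
    }
    return disc["authorization_endpoint"] + "?" + urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the browser callback on the loopback listener and return the code."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale callback")
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error'][0]}")
    return q["code"][0]


def token_request(disc: dict, client_id: str, client_secret: str, code: str, verifier: str):
    """Form body for the code exchange; client secret and PKCE verifier both sent (step 5)."""
    body = {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI,
            "client_id": client_id, "client_secret": client_secret, "code_verifier": verifier}
    return disc["token_endpoint"], body


def refresh_request(disc: dict, client_id: str, client_secret: str, refresh_token: str):
    """Form body to obtain a new access token from the stored refresh token."""
    body = {"grant_type": "refresh_token", "refresh_token": refresh_token,
            "client_id": client_id, "client_secret": client_secret}
    return disc["token_endpoint"], body


def revoke_request(disc: dict, client_id: str, client_secret: str, refresh_token: str):
    """RFC 7009 revocation body; the provider decides whether it honours it."""
    body = {"token": refresh_token, "token_type_hint": "refresh_token",
            "client_id": client_id, "client_secret": client_secret}
    return disc["revocation_endpoint"], body
```

A check worth keeping when adapting this: the `redirect_uri` sent in the authorization request and again in the token request must be byte-for-byte the value registered in step 7, so a missing trailing slash or a different port fails at the provider, not in this code.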