Setting Up Authentication for OpenID Connect with Yahoo

Adding a New Application

On https://developer.yahoo.com, create a new application with the following settings:

Type: Web Application

Redirect URL: https://{tenant-url}/handlers/sso/OIDC/AuthResultHandler.ashx

API Permissions: OpenID Connect Permissions, Email, and Profile

Information required for configuration in Neurons for ITSM:

Client ID

Client Secret

Creating a Neurons for ITSM Authentication Provider

1.Open the Configuration console.

2.Click Configure > Security Controls > Authentication Providers to open the Authentication Providers workspace.

3.From the New Record Menu list, select New OpenID Connect.

4.Delete the default data from the existing fields.

5.Enter information into the fields.

Field Description
Default

Specifies if this authentication provider is called.

Automatically set by the application. To set the authentication provider as default, you must first set Default to False for all other authentication providers and then change the Default settings for this authentication provider to True.

Disabled

Specifies if this authentication provider is disabled.

Name

The name of the OpenID Connect provider.

Authentication URL

Enter https://api.login.yahoo.com/oauth2/request_auth.

For more details about authentication, see https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html

Token Verification URL

Enter https://api.login.yahoo.com/oauth2/get_token.

For more details about token verification, see https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html

Logout URL

Enter the URL that sign out from Yahoo account when the you log out from Neurons for ITSM,

After logging out from Ivanti Neurons for ITSM, the end session of OpenID Connect endpoint is called and clients in the same browser session are also signed out.

Session Renewal URL

URL used to request to renew the session. If this field is empty, the application uses the value of the Authentication URL field.

Ivanti Neurons for ITSM must be able to initiate an outbound HTTPS (port 443) connection to this URL.

Client ID

Enter the Yahoo client ID. This is the Client ID captured from new application.

Client Secret

Enter the client secret value from your Yahoo application. This is the Client Secret captured from new application.

OIDC Hosted Domain

Not used for Yahoo.

OIDC Realm

Enter the Ivanti Neurons for ITSM tenant URL. You can enter the following URL https://{tenant-url}.

Certificate URL

Not used for Yahoo.

Certificate Issuer

Not used for Yahoo.

Expiration Date

Not used for Yahoo.

Force Login

The Force Login option is applicable to users reaching concurrent session limits, in the case of external authentication.

If the option is selected, when you reach a concurrent session limit, the application terminates all existing sessions and devices, and automatically logs them into a new session.

If the option is not selected, when you reach a concurrent session limit, an error message will appear on the page. Then you need to log out of existing sessions or devices, and then try logging in again.

Auto Provisioning

Adds new users via authentication. You have the option to auto provision the role, status, and team for the new user. By selecting Auto Provisioning, the application creates an employee record if a user logs in using authentication and does not already have an employee record.

Profile Information URL

Not used for Yahoo.

Auto Provision Role

Role associated with the new user.

Auto Provision Status

Status of the new user.

Auto Provision Team

Team associated with the new user.

Auto Provision User Business Object

Type of user record to create. You can select the following types:

Employee

External contact

6.Click Save.

7.To verify your configuration, click Test Authentication.

You must have an Employee record with an appropriate External Authentication linking to this provider before the test runs successful.

A successful test looks similar to the below screenshot.