Configure Identity Broker authentication for the Web Portal

By default, the server that hosts the Web Portal uses Windows authentication to authenticate Web Portal instances. Alternatively, you can configure the Web Portal to use Identity Broker authentication. You can configure this during installation of the Web Portal, or at a later stage. The Identity Broker is a web application that acts as a "broker" for authentication, between Ivanti portals and their configured Identity Provider: it can process authentication requests by means of external authentication endpoints.

When you access the Web Portal for the first time from the machine on which you installed it, you are automatically redirected to the Setup page. When you have already installed and configured the Web Portal (for example, in upgrade scenarios), these settings are available from the URL of the Web Portal, at [Web Portal url]/Setup (for example, https://portals.ivanti.com/Setup). For security reasons, these settings are only available from the machine on which you installed the Web Portal; an error is shown if you try to access them from a different machine.

Settings

For Authentication type, select Identity Broker and fill out the fields as follows:

  • Identity Broker URI: This field specifies the public web address of the Identity Broker (for example, https://portals.ivanti.com/identitybroker/ids/).
    The URI is case sensitive and must always end with a slash (/).
  • Redirect URI: This field specifies the web address of the Web Portal (for example, https://portals.ivanti.com/).
  • Client ID: This field specifies the ID of the Web Portal as configured in the Identity Broker.
  • Client secret: This field specifies the password string of the Web Portal as configured in the Identity Broker.
  • Configure Identity Broker as Datastore authentication

Make sure you configure and enable at least one Identity Provider in Identity Broker before you enable Identity Broker authentication.
If a portal is configured to use Identity Broker authentication and no Identity Provider is available, users will not be able to access the portal.
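
The following pre-flight check for the four Setup values is an added example, not part of the Ivanti documentation or product. The function name, the `registered_broker_uri` parameter, the Client ID and secret values, and the plain-http check are assumptions made for illustration; the two URLs are the examples used on this page.

```python
from urllib.parse import urlsplit

def check_portal_settings(broker_uri, redirect_uri, client_id, client_secret,
                          registered_broker_uri=None):
    """Return a list of problems in the Setup page values (empty list = OK)."""
    problems = []
    fields = (("Identity Broker URI", broker_uri), ("Redirect URI", redirect_uri),
              ("Client ID", client_id), ("Client secret", client_secret))
    for name, value in fields:
        if not value:
            problems.append(f"{name}: empty")
        elif value != value.strip():
            # Pasted values often carry a stray space or newline.
            problems.append(f"{name}: leading or trailing whitespace")
    for name, value in fields[:2]:
        if not value:
            continue
        parts = urlsplit(value.strip())
        if not parts.scheme or not parts.netloc:
            problems.append(f"{name}: not an absolute web address")
        elif parts.scheme.lower() == "http":
            # Added hardening check, not a requirement stated on the page.
            problems.append(f"{name}: plain http exposes authentication traffic")
    # Stated on the page: the URI must always end with a slash.
    if broker_uri and not broker_uri.strip().endswith("/"):
        problems.append("Identity Broker URI: must end with a slash (/)")
    # Stated on the page: the URI is case sensitive. Compare against the
    # address the Identity Broker is published under (supplied by the caller).
    if broker_uri and registered_broker_uri:
        entered = broker_uri.strip()
        if (entered != registered_broker_uri
                and entered.lower() == registered_broker_uri.lower()):
            problems.append("Identity Broker URI: differs from the registered "
                            "address only in letter case")
    return problems

if __name__ == "__main__":
    # Constructed sample input: mixed-case path and missing trailing slash.
    for problem in check_portal_settings(
            "https://portals.ivanti.com/IdentityBroker/ids",
            "https://portals.ivanti.com/",
            "webportal",            # constructed Client ID
            "example-secret ",      # constructed secret with a trailing space
            registered_broker_uri="https://portals.ivanti.com/identitybroker/ids/"):
        print(problem)
```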

You can only configure single sign-on for the Web Portal if you use the Identity Broker.

If you install the Identity Broker using the Identity Director installer on the same server as the Web Portal, the connection settings will be pre-configured.
