Identity Server is a Secure Token Service (STS) that issues OAuth2 and OpenID Connect tokens. It acts as a centralized login authorization service that replaces the logon policy for BridgeIT, allowing the framework to handle both token and explicit logon policies at the same time. Using this service, you can use single sign-on and federated authentication.
End users are redirected to Identity Server to authenticate and obtain authorization to access resources. Through this redirect and the token exchange that follows it, user clients obtain the access tokens they need to use Workspaces.
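The redirect-and-exchange pattern described above is the standard OpenID Connect authorization-code flow. The following is an added, self-contained illustration of that flow (example code written for this page, not Identity Server's own implementation or API): the client builds the authorization redirect, verifies the state value on the way back, and exchanges the single-use code for tokens using PKCE. The endpoint URLs, client ID and the in-process FakeIdentityServer are assumptions so that it runs offline; the real Identity Server addresses are not documented here, and a real id_token is a signed JWT rather than the plain dictionary used below.

```python
"""OpenID Connect authorization-code exchange, simulated offline (added example)."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical values; the page documents none of these for Identity Server.
AUTHORIZE_URL = "https://idserver.example.com/connect/authorize"
REDIRECT_URI = "https://workspaces.example.com/signin-callback"
CLIENT_ID = "my-bridgeit"


def b64url(data: bytes) -> str:
    """Base64url without padding, as used for state, nonce and PKCE values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_authorization_request(client_state: dict) -> str:
    """Client side: build the redirect to the STS and remember what must come back."""
    state = b64url(secrets.token_bytes(16))      # binds the callback to this browser session
    nonce = b64url(secrets.token_bytes(16))      # binds the id_token to this login
    verifier = b64url(secrets.token_bytes(32))   # PKCE: only the hash leaves the client now
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    client_state.update(state=state, nonce=nonce, verifier=verifier)
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def callback_is_bound(callback_url: str, client_state: dict) -> bool:
    """True only if the state in the callback matches the one we issued."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    return secrets.compare_digest(returned, client_state.get("state", ""))


def handle_callback(callback_url: str, client_state: dict) -> str:
    """Client side: reject unbound callbacks before touching the code (CSRF / login fixation)."""
    if not callback_is_bound(callback_url, client_state):
        raise ValueError("state mismatch: response is not bound to our request")
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise PermissionError(query["error"][0])
    return query["code"][0]


class FakeIdentityServer:
    """Stand-in token service so the exchange runs offline. Assumption, not product code."""

    def __init__(self) -> None:
        self._codes: dict = {}

    def authorize(self, request_url: str, subject: str = "alice") -> str:
        """Simulate a successful login: issue a code and redirect back with the same state."""
        q = parse_qs(urlparse(request_url).query)
        code = b64url(secrets.token_bytes(16))
        self._codes[code] = {
            "challenge": q["code_challenge"][0],
            "redirect_uri": q["redirect_uri"][0],
            "nonce": q["nonce"][0],
            "sub": subject,
        }
        return q["redirect_uri"][0] + "?" + urlencode({"code": code, "state": q["state"][0]})

    def token(self, code: str, code_verifier: str, redirect_uri: str) -> dict:
        """Token endpoint: the code is single use and must match the PKCE challenge."""
        grant = self._codes.pop(code, None)  # popped even on failure: a code is never retried
        if grant is None:
            return {"error": "invalid_grant"}
        expected = b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
        if grant["redirect_uri"] != redirect_uri or not secrets.compare_digest(expected, grant["challenge"]):
            return {"error": "invalid_grant"}
        return {
            "token_type": "Bearer",
            "access_token": b64url(secrets.token_bytes(24)),
            "id_token": {"sub": grant["sub"], "nonce": grant["nonce"], "aud": CLIENT_ID},
        }


def login(server: FakeIdentityServer) -> dict:
    """Full round trip: redirect, callback check, code exchange, id_token binding check."""
    st: dict = {}
    callback = server.authorize(build_authorization_request(st))
    code = handle_callback(callback, st)
    tokens = server.token(code, st["verifier"], REDIRECT_URI)
    if "error" in tokens:
        raise PermissionError(tokens["error"])
    claims = tokens["id_token"]
    if claims["aud"] != CLIENT_ID or not secrets.compare_digest(claims["nonce"], st["nonce"]):
        raise ValueError("id_token is not bound to this login")
    return tokens


if __name__ == "__main__":
    print(login(FakeIdentityServer()))
```

The two checks a practitioner should not skip are the state comparison before the code is used and the nonce comparison after the tokens arrive; a replayed or forged callback fails the first, and an id_token minted for a different login fails the second.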
By default, the settings, framework, and applications needed to use Identity Server when accessing Workspaces are preconfigured and require no additional setup. When accessing Workspaces using My.BridgeIT, users are redirected to the Identity Server login page.
Administrators that upgrade to 2016.4 or later must manually add the Identity Server app from the Configuration Center.
To configure Identity Server
1. Change the Framework logon policy to Identity Server. To do this, edit the Service Desk Framework application and set its logon policy to Identity Server. This allows the framework to handle both explicit and token connections.
2. Update the Service Desk Framework in Configuration Center. This is required for all upgraded servers and is not specific to Identity Server. Make no other changes until that update is complete.
3. Add the Identity Server application to the Application Pool.
4. Change the BridgeIT application logon policy to Identity Server.
If users need to access the application via an address other than the fully-qualified domain name of the server, you must create another BridgeIT application with the Token only logon policy. External devices cannot use Identity Server.
5. Log in to Workspaces using Identity Server by following the task below.
After configuring the logon policies of My.Framework and My.BridgeIT and adding Identity Server as an application, you can use Identity Server as a single login portal for accessing Workspaces from multiple authentication sources.
1. From a web browser, open the Workspaces address, replacing [server name] with the fully-qualified name of the server. The page automatically logs you in with your Ivanti® Endpoint Manager credentials.
2. Log in with the credentials appropriate to your logon policy. If the policy is set to Allow Windows Logins, enter your LDAP credentials, including the domain where applicable.
3. If the login succeeds, the browser asks permission to use your user identifier. Select Yes, allow, and you are redirected to Workspaces.