Overview

Supported Features

Ivanti Connect Secure supports the following features with OAuth:

•Act as Relaying Party (RP) solely

•Talk to any standard OP (OAuth Provider) for Authentication

•“User Name Template” option for username mapping

•“User Attributes” based role mapping

•Multiple Host FQDNs to talk to same the OP with different Client IDs

•MFA authentication at OP

•MFA at ICS

•Check for time skew as per configured values

•Clusters (A/A or A/P)

•XML and binary based export/import of OAuth Server configs

•Configuring and doing CRUD operations using REST APIs for OAuth Servers configs

Limitations

•Act as OAuth Provider (OP) for Authentication.

•SLO (Single Logout) to trigger log out from the respective OP and kill ICS sessions only.

•ICS will not support configuring OAuth Servers as Secondary Auth Server for any User Realms, it can be ONLY configured as the Primary Auth server.

Configuring the OAuth Server to work with ICS

Configuring the OAuth Server process involves the following steps:

1.Configuration on ICS

2.End User Login Flow

3.Configuration on the OAuth Provider (OP)

Prerequisites

Ensure that with the required configurations on the OAuth Provider (OP), you collect the following parameters that are required to create and configure the OAuth Server on ICS:

•Client ID

•Client Secret

•Host FQDN

•Configuration file in JSON format

Refer Configuration on the OAuth Provider (OP) for configuration procedures that help to collect the required parameters.