Entrust PKI as a Service

Adding an external IdP

Entrust provides Entrust IDaaS (eIDaaS) as the default Identity Provider (IdP) for PKIaaS users. However, you can replace this default provider by adding an external OpenID Connect (OIDC) provider.

To add an external identity provider:

  1. Configure an account on an external OpenID Connect (OIDC) identity provider.

    ⚠ User email addresses in the external identity provider must match those on Entrust Cloud Console.

  2. Open the https://my.cloud.entrust.com URL of the Entrust Cloud Console using any of the supported browsers:

    • Apple Safari
    • Google Chrome
    • Mozilla Firefox

  3. Navigate to Settings > Identity Provider.

    IMG

  4. Click Add External Provider and complete the following steps.

    ℹ We recommend keeping the OpenID Connect console open in a different browser tab while performing the below steps.

Add Cloud Console to OIDC

In this step:

  1. Copy the Login Redirect URI and Logout Redirect URI values.

    IMG

  2. Paste them into the fields with the same names in your OpenID Connect account.

  3. Click Next.

Add Details and Secrets from OIDC

In this step, configure the following settings and click Next.

Setting Value
Issuer URL The base URL of your OpenID Connect account
Client ID The client identifier of your OpenID Connect account
Client Secret The client secret of your OpenID Connect account

Test & Submit

In this step:

  1. Click Test Connection to trigger an authentication on the external OpenID Connect provider.

    IMG

  2. Authenticate with your OpenID Connect account credentials.

  3. On authentication success, click Show Advanced Options to display the automatically filled endpoint parameters.

  4. Click Submit. You will receive a confirmation email on your inbox.