Use this dialog to configure your OpenID authentication server and map OpenID groups to WhatsUp Gold user groups.

Important: The use of OpenID authentication with WhatsUp Gold requires an HTTPS connection. If HTTPS is not established, you will be presented with an informational dialog directing you to instructions on how to configure WhatsUp Gold to use HTTPS.
Note: To successfully use OpenID Connect authentication with WhatsUp Gold, additional configuration on the secure token server is required. NoteText: On the secure token server, make sure to limit the quantity of groups mapping to each WhatsUp Gold user in order to limit the size of the token created.

To configure OpenID Connect external authentication:

  1. Click Edit to launch the Edit OpenID Server Settings dialog.
  2. Enter the following information in the applicable fields:
  3. Click Auto-config. This causes WhatsUp Gold to query the OpenID provider's configuration endpoint and retrieve the parameters required for OpenID authentication. The remaining configuration fields in the dialog are then populated automatically, though these entries may be modified if needed depending on your specific authentication needs. Please see the bulletted list below for a complete list of configuration fields and descriptions.
  4. Click Test to check the connectivity between WhatsUp Gold and the Issuer.
  5. Click OK to save your server settings and return to the OpenID Authentication Setup dialog.
  6. If desired, you can modify the Token Validation Timer setting. This setting reflects how often WhatsUp Gold reaches out to the OpenID server to validate the user's access token.
  7. Click the Add icon to create a new line item under WhatsUp Gold Group Access.
  8. Enable the checkbox next to the new line item, then click the Edit icon.
  9. Enter the name of an existing OpenID group in the data entry field on the left, then select a WhatsUp Gold User Group you want to map to the specified Open ID group from the drop-down menu on the right.
  10. Click Update.
  11. Repeat the previous steps to complete mapping of OpenID groups and WhatsUp Gold User Groups as needed.
  12. Click Save.

OpenID Server Settings Configuration Fields

  • Client ID. The public client identifier assigned to WhatsUp Gold by OpenID.
  • Identity Provider URL. The address or root of the OpenID Connect authentication server instance.
  • Access Token Issuer Identifier. The issuing authority value (including terminating backslash and version, if applicable) used to validate the Access Token ISS value in WhatsUp Gold. Please note, this may be different from the Issuer in the ID token, as is the case with MS ADFS.
  • ‘Groups’ Claim Name. The name or key used to identify ‘groups’ in the information returned with the ID and Access tokens.
  • Audience. The audience value for the token is usually the client ID of the application defined in secure token server settings.
  • Metadata for Endpoints. Click on any applicable checkbox to enable the use of selected metadata during authentication.
  • Redirect URIs
    • Sign-in callback. The callback URL used by OpenID when accessing WhatsUp Gold. Please note, alternate callback URLs may be selected using the drop-down list provided in scenarios where special characters (e.g., a ? or /) are not allowed.
    • Sign-out callback. The callback URL used by OpenID when exiting WhatsUp Gold. Please note, alternate callback URLs may be selected using the drop-down list provided in scenarios where special characters (e.g., a ? or /) are not allowed.
    • Silent Renew callback. The URL used by OpenID to renew existing authentication without user interaction.

      Important: These URLs must resolve to the same WhatsUp Gold server. Additionally, the set of URLs configured on the secure token server must also resolve to one and only one WhatsUp Gold server.

  • Validate Access Token Username. Enable this option to compare the username in the Access token and the authenticated username and ensure they match.