Updating an OIDC application in Yandex Identity Hub
Note
This feature is at the Preview stage.
OIDC apps can be managed by users with the organization-manager.oauthApplications.admin role or higher.
Update the app's basic settings
To update the OIDC app's basic settings:
-
Log in to Yandex Identity Hub.
-
In the left-hand panel, select Apps and select the OIDC application.
-
On the top right, click Edit and in the window that opens:
-
Change the app's name in the Name field. The name must be unique within the organization and follow the naming requirements:
- It must be from 1 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- It must start with a letter and cannot end with a hyphen.
-
Change the app's description in the Description field.
-
Add new labels by clicking Labels in the Add label field. Click to delete an existing label.
-
Click Save.
-
Update the service provider configuration
To update the service provider configuration in an OIDC app:
- Log in to Yandex Identity Hub.
- In the left-hand panel, select Apps and select the OIDC application.
-
On the top right, click Edit and in the window that opens:
-
Specify the address you got from the service provider in the Redirect URI field.
Click Add URI to specify multiple redirect URIs at once.
-
In the Scopes field, select user attributes that will be available to the service provider.
-
openid (user ID): User ID. This is a required parameter. -
email address: User email address. -
profile (full name, first name, last name, avatar, etc.): Additional user details. -
groups (user's groups in the organization): User groups in the organization whose member the user getting authenticated is. The possible values are:-
All grous: Security provider will get all groups the user belongs to.The maximum number of sent groups: 1,000. If the user belongs to more groups, only the first thousand of them will be communicated to the service provider.
-
Assigned groups only: Of all groups the user belongs to, the service provider will only get the ones explicitly specified on the Users and groups tab of the OIDC app.
-
-
-
Click Save.
-
Updating an app's secret
There is no way you can view or update an app’s secret. Instead, you can generate a new one:
- Log in to Yandex Identity Hub.
- In the left-hand panel, select Apps and select the OIDC application.
-
Under App secrets, click Add secret, and in the window that opens:
- Optionally, add a description for the new secret.
- Click Create.
The window will display the generated application secret. Save this value.
Warning
If you refresh or close the application information page, you will not be able to view the secret again.
If you closed or refreshed the page before saving the secret, click Add secret to create a new one.
To delete a secret, in the list of secrets on the OIDC app page, click in the secret row and select Delete.
- Remember to provide the new secret in the settings on the service provider side. If you need help, refer to your service provider's documentation or support team.
Update the list of app users and groups
Update the list of your organization's users permitted to authenticate in an external app with an OIDC application:
-
Log in to Yandex Identity Hub.
-
In the left-hand panel, select Apps and then, the OIDC app.
-
Navigate to the Users and groups tab.
-
To add a user or user group to the app:
- Click Add users.
- In the window that opens, select the required user or user group.
- Click Add.
-
To delete a user or user group from the app:
- In the list of users and groups, click and select Delete next to the user or user group.
- Confirm the deletion.