Create OIDC Policy

Steps to Create an OIDC Policy

For more information, refer to OpenID Connect Management Policy.

Perform the following steps to create an OIDC policy:

1. Go to Applications > OpenID Connect Policy Management.

   

2. Click Add Policy.

   1. Enter a Policy ID, Policy Name, and select the Access Token Manager created previously in Creating Access Token Manager.

   2. Enter the required values and select the check box as shown below:

      • INCLUDE SESSION IDENTIFIER IN ID TOKEN
      • INCLUDE USER INFOIN ID TOKEN
      • RETURN ID TOKEN ON REFRESH GRANT

      

   3. Click Next.

   4. Select the attributes under Attribute Contract tab as shown below:

      • email
      • given_name
      • groups
      • preferred_username

      

   5. Click Next.

   6. Under Attribute Sources & User Lookup section, click Add Attribute Source.

   7. Enter the details of the user Data Store and select the attributes containing the required claims.

      We have mapped groups to the user attribute employeeType in the Active Directory.

   8. Click Save.

      

   9. Under the Contract Fulfillment tab, map the attributes as given in step 2.c.

   10. Go to LDAP Filter, under the FILTER field enter: sAMAccountName=${sub} and click Done.
       This action leads to Contract Fulfillment tab of OpenID Connect Policy Management configuration. Map the attributes as shown below:

3. Click Save.