Identity Provider Settings
Identity Provider (IDP) Settings enables integration between the Thales Authenticator Lifecycle Manager and enterprise identity systems, allowing seamless user authentication and access management. This integration involves configuring the endpoints and parameters required for secure communication with IDPs. After the integration is complete, administrators can search for IDP users and enroll or revoke FIDO devices for those users.
The following identity providers are supported:
- Microsoft Entra ID (Azure AD) - Integration is based on Client ID and Client Secret.
- SafeNet Trusted Access (STA) - Integration is based on API Key.
Tip
- Select Microsoft Entra ID if your organization uses Microsoft Entra ID (Azure AD).
- Select STA Identity Provider if your organization uses SafeNet Trusted Access.
Identity Provider Settings Table
The Identity Provider Settings table displays all configured identity providers along with their current status and available quick actions.

The following table explains each column given in the Identity Provider Settings table.
| Column | Description |
|---|---|
| Provider | Name of the identity provider. |
| Type | Identity provider type (for example, Microsoft Entra ID or STA Identity Provider). |
| Status | Indicates the status of the identity provider. Active: Configured, connection successfully tested, and available for communication with IDPs for user search and enrollment-related operations. Inactive: Configured but connection not yet tested. |
| Actions | Available actions, such as Edit and Delete identity provider configurations. |
Manage IDP Integrations
Administrators can perform the following operations to manage IDP integrations:
Search Identity Providers
The Search feature allows administrators to quickly locate identity providers. Use the search bar to filter identity providers and view their details based on either the identity provider name or type.

Add Identity Providers
Use the Add Identity Provider button located at the top-right of the Identity Provider Settings window to initiate the identity provider type selection and configuration.
Caution
- IDP credentials are case sensitive (for example, Client Secret for Entra ID, API Key for STA).
- Ensure that Console access is restricted to authorized administrators and credentials are stored securely in accordance with your organization’s security policies.
- On the Identity Provider Settings window, click Add Identity Provider.

- On the Add Identity Provider window, select either Microsoft Entra ID or STA Identity Provider as per your preferred configuration.

- Perform the configuration steps.
  - Under Microsoft Entra ID Configuration, complete the following fields:

    | Field | Description |
    |---|---|
    | Name | A unique name for the IDP. |
    | Active | Select the checkbox to activate the IDP. |
    | Authentication URL | The endpoint URL provided by IDP support to handle authentication requests. This URL allows Thales Authenticator Lifecycle Manager to securely communicate with the IDP to validate user credentials and issue authentication tokens. |
    | Application/Client ID | The client ID of the registered application or service that will use FIDO devices for user authentication. |
    | Client Secret | A valid client secret generated for the registered application or service. Thales Authenticator Lifecycle Manager uses the client secret along with the Application/Client ID to authenticate securely with the IDP. |
    | MS Graph API URL | The URL used by Thales Authenticator Lifecycle Manager to connect with the Microsoft Graph API for operations such as user search, device assignment, and device revocation. |

  - Click Test Connection.
  - After the connection is successful, click Create.

  Tip
  Ensure that your Entra ID application registration is correctly configured, and that the client secret is valid and has not expired. Also, verify that both the authentication URL and the Microsoft Graph API URL are correct and aligned with your tenant and environment requirements.

  - Under STA Identity Provider Configuration, complete the following fields:

    | Field | Description |
    |---|---|
    | Name | A unique name for the IDP. |
    | Active | Select the checkbox to activate the IDP. |
    | API URL | The endpoint URL provided by the identity provider (IDP) to handle authentication requests. This URL allows Thales Authenticator Lifecycle Manager to securely communicate with the IDP to validate user credentials and issue authentication tokens. |
    | API Key | A valid STA API key provided by the identity provider (IDP) used to authenticate and authorize access to the SafeNet Trusted Access (STA) API. |

  - Click Test Connection.
  - After the connection is successful, click Create.

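A pre-flight check for the two points in the Entra ID Tip above (URL alignment and client secret expiry), as an added example that is not part of the Thales documentation or product. It assumes the Authentication URL sits on one of Microsoft's public login hosts and that secret metadata is taken from the `passwordCredentials` array of the app registration as returned by Microsoft Graph; the function names, key IDs and dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Public Microsoft endpoints per cloud: login host -> matching Graph hosts.
CLOUDS = {
    "login.microsoftonline.com": {"graph.microsoft.com"},
    "login.microsoftonline.us": {"graph.microsoft.us", "dod-graph.microsoft.us"},
    "login.partner.microsoftonline.cn": {"microsoftgraph.chinacloudapi.cn"},
}

def check_urls(auth_url, graph_url):
    """Return problems with the two URL fields (empty list means aligned)."""
    problems = []
    auth, graph = urlparse(auth_url.strip()), urlparse(graph_url.strip())
    for name, url in (("Authentication URL", auth), ("MS Graph API URL", graph)):
        if url.scheme != "https":
            problems.append(f"{name}: scheme must be https")
    allowed = CLOUDS.get((auth.hostname or "").lower())
    if allowed is None:
        problems.append("Authentication URL: not a known Entra ID login host")
    elif (graph.hostname or "").lower() not in allowed:
        problems.append("MS Graph API URL: host is in a different cloud than the login host")
    return problems

def secret_status(password_credentials, now, warn_days=30):
    """Classify each client secret by its endDateTime: expired, expiring or ok."""
    status = {}
    for cred in password_credentials:
        # Graph timestamps are UTC; drop the 'Z' and any fractional seconds.
        stamp = cred["endDateTime"].rstrip("Z").split(".")[0]
        end = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
        if end <= now:
            status[cred["keyId"]] = "expired"
        elif end - now <= timedelta(days=warn_days):
            status[cred["keyId"]] = "expiring"
        else:
            status[cred["keyId"]] = "ok"
    return status

# Constructed sample, shaped like the passwordCredentials array of an app registration.
SAMPLE_CREDS = [
    {"keyId": "key-1", "endDateTime": "2024-01-15T00:00:00Z"},
    {"keyId": "key-2", "endDateTime": "2025-06-20T00:00:00.1234567Z"},
    {"keyId": "key-3", "endDateTime": "2026-06-01T00:00:00Z"},
]
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock for a reproducible result

if __name__ == "__main__":
    print(check_urls("https://login.microsoftonline.com/TENANT_PLACEHOLDER",
                     "https://graph.microsoft.us"), secret_status(SAMPLE_CREDS, NOW))
```

In practice, pass `datetime.now(timezone.utc)` as `now` and run the check before Test Connection and again ahead of any planned secret rotation.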
Edit Identity Providers
- On the Identity Provider Settings window, locate the target identity provider name from the list, and click Edit.
- On the Edit Identity Provider window, update the IDP configuration as needed.

  Note
  For field descriptions, refer to step 3 of the Add Identity Providers section.

- Click Test Connection to revalidate the configuration.
- After a successful connection, click Update to update the configuration.

Caution
When updating Client Secret for Entra ID or API Key for STA, coordinate with your identity provider support team to avoid authentication disruptions. Whenever possible, schedule these changes during a planned maintenance window.
Delete Identity Providers
- On the Identity Provider Settings window, locate the target identity provider name from the list, and click Delete.
- The Delete Identity Provider window is displayed. Click Delete to confirm the operation. The IDP configuration will be successfully removed.
Warning
Deleting an identity provider immediately disables user authentication via the IDP. Before proceeding, ensure that no critical workflows or dependencies rely on the IDP. After deletion, console users will no longer be able to revoke existing device assignments, search for users, or assign new devices.