Configuring OpenID Connect
About this task
The system supports authentication against an OpenID Connect (OIDC) provider. When enabled, the IBM Cloud Object Storage Manager™ will support single sign-on via OIDC and OAuth 2.0 bearer tokens for REST API access. In OAuth 2.0/OIDC terms, the Manager is both a resource server and a relying party.
Note: OIDC providers may choose to implement all or part of the framework. While every effort has been made to verify support with various providers, the only official integration is with IBM Security™ Verify. In addition, the Manager only supports JSON Web Tokens (JWT) as OAuth 2.0 bearer tokens. Opaque bearer tokens are not supported.
Warning: The claims iss, sub, name, email, and email_verified must be present in all JWTs or available from the configured UserInfo endpoint. Otherwise, authentication may fail. Contact your OIDC provider's administrator to ensure all of these claims are in the tokens.
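As an added example (not IBM's code), the following pre-flight check lets an administrator confirm that a token issued by their provider is a JWT rather than an opaque token and that the five required claims are present, with the UserInfo response as fallback. It only inspects claim presence; the Manager's own signature validation against the provider is still required, and the sample token is constructed with a placeholder signature.

```python
import base64
import json
from typing import Optional

# The five claims the Manager requires in the JWT or from UserInfo.
REQUIRED_CLAIMS = ("iss", "sub", "name", "email", "email_verified")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def is_jwt(token: str) -> bool:
    """Structural check: a compact JWS has three dot-separated segments.
    Anything else is an opaque token, which the Manager does not accept."""
    parts = token.split(".")
    return len(parts) == 3 and all(parts[:2])


def jwt_claims(token: str) -> dict:
    """Decode the payload for claim inspection only (no signature check here)."""
    if not is_jwt(token):
        raise ValueError("opaque bearer token: not a JWT")
    return json.loads(_b64url_decode(token.split(".")[1]))


def missing_claims(token_claims: dict, userinfo: Optional[dict] = None) -> list:
    """Return required claims absent from both the JWT and the UserInfo response."""
    available = dict(userinfo or {})
    available.update(token_claims)
    return [c for c in REQUIRED_CLAIMS if c not in available]


def constructed_token(claims: dict) -> str:
    """Build a constructed sample JWT with a placeholder signature for testing
    the checks above; it is not a valid token from any provider."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    return f"{enc(header)}.{enc(claims)}.PLACEHOLDER_SIGNATURE"


if __name__ == "__main__":
    sample = constructed_token({"iss": "https://idp.example", "sub": "user-1"})
    print("missing from token:", missing_claims(jwt_claims(sample)))
```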
Note: For account or group creation or deletion, see Authentication and authorization.