Spotfire® User Guide

OAuth2IdentityProviders preference

To configure authentication with external systems, use the OAuth2IdentityProviders preference in Administration Manager.

To reach the OAuth2IdentityProviders preference, click Administration Manager > Preferences > Application > OAuth2Preferences.

You use the preference to configure OAuth2 identity providers that you can use for authentication with external systems, when you use the following functionality in Spotfire:

  • Certain data connectors that support identity provider authentication.
  • WMS layers in map charts, when an identity provider (OAuth) is used as the authentication method.

Add each identity provider as an object in a JSON array, as seen in the example below.

Example:

[
    {
        "issuer": "https://issuer1.example.com",
        "displayName": "Issuer 1 name"
    },
    {
        "type": "OAuth2",
        "displayName": "Okta",
        "issuer": "https://issuer2.example.com",
        "publicClient": {
            "id": "Client name or ID",
            "redirectUrl": "Redirect URL",
            "redirectPorts": "Port number"
        },
        "defaultScope": "offline_access"
    }
]

Setting Description
type

The type of identity provider. The type determines what you can use the identity provider for in Spotfire, and makes sure Spotfire can find the default authorization metadata document.

Note: The type must match the identity provider.

Possible values

OAuth2

An identity provider that uses the OAuth2 protocol for authentication. Used for data connectors.

OpenId

An identity provider that uses the OpenID Connect protocol for authentication. Used for data connectors.

issuer

The issuer identifier of the identity provider. The value is always a URL.

displayName

A descriptive display name for the identity provider.

The name is how the identity provider is presented to users in Spotfire.

metadata

documentPath

The location of the authorization server metadata document, if the location is different from the protocol default. The metadata document is used to find the authorization endpoint and token endpoint, unless you have set them manually.

authorizationEndpoint

The authorization endpoint of the authorization server. If set, takes precedence over the authorization endpoint from the authorization server metadata document.

tokenEndpoint

The token endpoint of the authorization server. If set, takes precedence over the token endpoint from the authorization server metadata document.

publicClient

Information about the public client application you have registered for Spotfire with your identity provider. Required for identity providers of type OpenId and OAuth2.

Note: Only use public client application details here, and not details for confidential client applications.

Add information as a JSON object. Example:

"publicClient": {
    "id": "Client application name or ID",
    "redirectUrl": "Redirect URL",
    "redirectPorts": "Port number"
}

Settings

id

The client ID or name of your public client application.

secret

The client secret of your public client application. In many identity providers, public client applications do not have client secrets.

redirectUrl

The redirect URL specified in your client application.

By default, Spotfire opens a listener on http://127.0.0.1:[<port>]/auth

redirectPorts

The ports to use for interacting with the identity provider. Only set this if you have specified the port to use in the client application.

By default, the port is dynamic and will use any free port.

defaultScope

The scopes to request by default when you log in to an external system with the identity provider, if you have not specified scopes manually in the data connection or external library.
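
A pre-deployment check for the preference value, added here as an example; it is not part of the Spotfire documentation or product. It applies the rules stated above (allowed type values, issuer is a URL, publicClient required for typed providers, public client details only) to a constructed sample. The https-only and loopback-redirect checks, the nesting of the endpoint overrides under a "metadata" object, and the names lint_providers, is_https_url and spotfire-desktop are assumptions of this example.

```python
import json
from urllib.parse import urlparse

ALLOWED_TYPES = {"OAuth2", "OpenId"}  # the two values this page lists
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}  # assumed review policy

def is_https_url(value):
    """True only for a complete https:// URL with a host (assumed policy)."""
    parts = urlparse(value if isinstance(value, str) else "")
    return parts.scheme == "https" and bool(parts.hostname)

def lint_providers(preference_text):
    """Return (index, setting, message) findings for the JSON array."""
    findings = []
    for i, idp in enumerate(json.loads(preference_text)):
        def flag(setting, message):
            findings.append((i, setting, message))
        if "type" in idp and idp["type"] not in ALLOWED_TYPES:
            flag("type", "not one of OAuth2 / OpenId")
        if not is_https_url(idp.get("issuer")):
            flag("issuer", "not an https:// URL")
        # Overrides take precedence over the metadata document, so check them
        # too. Nesting under "metadata" is assumed from the settings layout.
        for key in ("authorizationEndpoint", "tokenEndpoint"):
            override = idp.get("metadata", {}).get(key)
            if override is not None and not is_https_url(override):
                flag("metadata." + key, "override is not an https:// URL")
        client = idp.get("publicClient")
        if idp.get("type") in ALLOWED_TYPES and not (client and client.get("id")):
            flag("publicClient", "required for this type, with an id")
        if client:
            if client.get("secret"):
                flag("publicClient.secret", "set; confirm the app is a public client")
            host = urlparse(client.get("redirectUrl", "")).hostname
            if host is not None and host not in LOOPBACK_HOSTS:
                flag("publicClient.redirectUrl", "redirect host is not loopback")
    return findings

# Constructed sample (strict JSON): entry 0 is clean, entry 1 has four problems.
SAMPLE = r'''[
  {"type": "OAuth2", "displayName": "Okta", "issuer": "https://issuer2.example.com",
   "publicClient": {"id": "spotfire-desktop", "redirectUrl": "http://127.0.0.1:55931/auth",
                    "redirectPorts": "55931"}, "defaultScope": "offline_access"},
  {"type": "OpenID", "displayName": "Issuer 1 name", "issuer": "https:\\issuer1.example.com",
   "metadata": {"tokenEndpoint": "http://issuer1.example.com/token"},
   "publicClient": {"id": "spotfire-desktop", "secret": "placeholder-secret"}}
]'''

if __name__ == "__main__":
    print(*lint_providers(SAMPLE), sep="\n")
```

Each finding names the array index and the setting to review, so the output can be read against the settings list above before the value is saved in Administration Manager.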