TDV to IdP Field Mapping

The table below is a reference for the fields on the New Domain screen for an OAuth2 domain and their corresponding IdP fields. Note that these are only intended to help you find the information you need from your Identity Provider and should not be used as an exact map. The fields in your IdP are subject to change, and you should rely on your IdP documentation for more accurate and up-to-date information.

Auth0 - Once you log in to Auth0 and register the TDV application, open the application settings, where you can find basic information such as the Client ID, Client Secret and your IdP domain. Using the IdP domain, you can access the metadata by appending "/.well-known/openid-configuration" to the IdP domain URL. The metadata contains the other endpoints that you will need in order to create the new OAuth2 domain in TDV.

| TDV Field | IdP Field | Sample Value |
|---|---|---|
| Issuer Value | issuer | https://<sub-domain>.auth0.com/ |
| When Validation is "JWKS URI" or "Auto" | jwks_uri | https://<sub-domain>.auth0.com/.well-known/jwks.json |
| Auth URL | authorization_endpoint | https://<sub-domain>.auth0.com/authorize |
| Token URL | token_endpoint | https://<sub-domain>.auth0.com/oauth/token |
| Client ID | Client ID | Alphanumeric string from the application settings page |
| Client Secret | Client Secret | Alphanumeric string from the application settings page |

Okta - Once you log in to Okta and register the TDV application, you can find basic information such as the Client ID and Client Secret on the My Applications page. Open the Default API Authorization Server from the Security settings of the application. There you will find the URL for the metadata, from which you can get the other details needed to create a new OAuth2 domain in TDV.

| TDV Field | IdP Field | Sample Value |
|---|---|---|
| Issuer Value | issuer | https://<sub-domain>.okta.com |
| When Validation is "JWKS URI" or "Auto" | jwks_uri | https://<sub-domain>.okta.com/oauth2/v1/keys |
| Auth URL | authorization_endpoint | https://<sub-domain>.okta.com/oauth2/v1/authorize |
| Token URL | token_endpoint | https://<sub-domain>.okta.com/oauth2/v1/token |
| Client ID | Client ID | An alphanumeric string from the My App page. |
| Client Secret | Client Secret | An alphanumeric string from the My App page. |

Azure AD - Once you log in to Microsoft Azure and register the TDV application, open the "App registrations" page, where you can get most of the information you will need in order to create a new OAuth2 domain in TDV.

| TDV Field | IdP Field | Sample Value |
|---|---|---|
| | Directory (tenant) ID | An alphanumeric string from the App Registration page. You will need this in order to access the metadata. |
| Issuer Value | issuer | https://login.microsoftonline.com/<tenant-id>/v2.0 |
| When Validation is "JWKS URI" or "Auto" | jwks_uri | https://login.microsoftonline.com/<tenant-id>/discovery/v2.0/keys |
| Auth URL | authorization_endpoint | https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize |
| Token URL | token_endpoint | https://login.microsoftonline.com/<tenant>/v2.0/token |
| Client ID | Application (client) ID | An alphanumeric string from the App Registration page. |
| Client Secret | Client credentials (secret) | An alphanumeric string from the App Registration page. |
| Scope | A new scope value that is added while registering the app. | You will need to add a new Scope for which an authorization grant will be provided. |

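
The mapping above can be checked mechanically before the values are typed into the New Domain screen. The following is an added example, not TDV or IdP code: it maps a parsed metadata document to the TDV fields and flags an issuer that does not match the IdP domain, missing keys, and non-HTTPS endpoints. The function names, the "JWKS URI" label and the `tenant.example` metadata are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Discovery metadata key -> TDV field named in the table above.
TDV_FIELDS = {
    "issuer": "Issuer Value",
    "jwks_uri": "JWKS URI",  # assumed label; used when Validation is "JWKS URI" or "Auto"
    "authorization_endpoint": "Auth URL",
    "token_endpoint": "Token URL",
}

def discovery_url(idp_domain):
    """Metadata location: IdP domain + /.well-known/openid-configuration."""
    return idp_domain.rstrip("/") + "/.well-known/openid-configuration"

def map_to_tdv(idp_domain, metadata):
    """Return (tdv_fields, problems) for a parsed discovery document."""
    fields, problems = {}, []
    issuer = metadata.get("issuer", "")
    # The issuer must be the domain the metadata was fetched from; a mismatch
    # means the document describes some other authorization server.
    if issuer.rstrip("/") != idp_domain.rstrip("/"):
        problems.append(f"issuer {issuer!r} does not match {idp_domain!r}")
    for key, tdv_name in TDV_FIELDS.items():
        value = metadata.get(key)
        if not value:
            problems.append(f"missing {key}")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{key} is not https: {value}")
        elif url.hostname != urlsplit(issuer).hostname:
            problems.append(f"review: {key} is on a different host than the issuer")
        # Copy the value verbatim: token validation typically compares the
        # issuer as an exact string, so a trailing slash must be preserved.
        fields[tdv_name] = value
    return fields, problems

# Constructed sample metadata (not real IdP output).
SAMPLE = {
    "issuer": "https://tenant.example/",
    "jwks_uri": "https://tenant.example/.well-known/jwks.json",
    "authorization_endpoint": "https://tenant.example/authorize",
    "token_endpoint": "https://tenant.example/oauth/token",
}

if __name__ == "__main__":
    fields, problems = map_to_tdv("https://tenant.example", SAMPLE)
    for name, value in fields.items():
        print(f"{name}: {value}")
    print("problems:", problems or "none")
```

An entry prefixed with "review:" is not necessarily an error, since some IdPs serve endpoints from a different host than the issuer; confirm it against your IdP documentation.
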
Additional IdP documentation references for registering the TDV application:

Auth0 - https://auth0.com/docs/get-started/applications/application-settings

Okta - https://developer.okta.com/docs/guides/customize-authz-server/main/

Azure AD - https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad