Configuring PTT-Pro to Support OAuth2

Configure the PTT Pro server to use OAuth2 so that requests and grants are authorized through tokens exchanged between the customer’s identity provider and PTT Pro.
The OAuth2 Access URLs and the ADFS Signing Certificate token must be entered in the PTT Pro Management Portal.
  1. Open the PTT Pro Management Portal through a Web browser and navigate to the Customer Configuration.
    The OAuth configuration is on the customer Profile page.
  2. Click Modify OAuth or Enable OAuth.
    The Configure OAuth dialog box appears.
  3. Enter the OAuth URL and the Access URL.
    • OAuth URL example:
      https://<server.domain.com>/adfs/oauth2/authorize?resource=pttpro-id
    • Access URL example:
      https://<server.domain.com>/adfs/oauth2/token
  4. Select Dynamic or Static for the OAuth Certificate Usage.
    • If you select Static, copy the ADFS Signing Certificate token you created previously and paste it into the OAuth Token Certificate field. If the certificate changes, you must update the token to maintain the Relying Party Trust with the PTT Pro Server.
      Configuring OAuth as Static requires the OAuth Token Certificate.
    • If you select Dynamic, enter the Open ID Metadata URL into the Open ID Metadata URL field. The URL automatically handles certificate rotation.
      For example, <Server URL>/.well-known/openid-configuration.
      Configuring OAuth as Dynamic requires the Open ID Metadata URL.
  5. Click Submit.
The Relying Party Trust is established in the PTT Pro Server.
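
The difference between Static and Dynamic certificate usage in step 4 can be seen in the following added example, which is not PTT Pro code: it sketches how a relying party in general resolves the token signing key from a pinned certificate versus from the OpenID metadata document's jwks_uri, and why only the latter survives a certificate rotation. The host name, helper names and certificate bytes are constructed placeholders, and signature verification itself is omitted.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def thumbprint(cert: bytes) -> str:
    # JOSE "x5t": base64url(SHA-1(DER certificate)), per RFC 7515
    return b64url(hashlib.sha1(cert).digest())

def header(jwt: str) -> dict:
    seg = jwt.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def resolve_static(jwt: str, pinned_cert: bytes):
    # Static: the only trusted key is the certificate pasted into the portal.
    return pinned_cert if header(jwt).get("x5t") == thumbprint(pinned_cert) else None

def resolve_dynamic(jwt: str, metadata_url: str, fetch):
    # Dynamic: metadata -> jwks_uri -> key whose kid matches the token header.
    jwks_uri = fetch(metadata_url)["jwks_uri"]
    if not jwks_uri.startswith("https://"):
        raise ValueError("jwks_uri must use https")
    kid = header(jwt).get("kid")
    for key in fetch(jwks_uri)["keys"]:
        if kid is not None and key.get("kid") == kid:
            return base64.b64decode(key["x5c"][0])
    return None  # unknown key: reject the token

# --- constructed sample data (placeholder bytes, not real certificates) ---
OLD_CERT, NEW_CERT = b"constructed-old-signing-cert", b"constructed-new-signing-cert"
META_URL = "https://idp.example.test/adfs/.well-known/openid-configuration"
JWKS_URL = "https://idp.example.test/adfs/discovery/keys"

def make_token(cert: bytes) -> str:
    hdr = {"alg": "RS256", "kid": thumbprint(cert), "x5t": thumbprint(cert)}
    return ".".join([b64url(json.dumps(hdr).encode()), b64url(b"{}"), "sig-placeholder"])

def idp_after_rotation(url: str) -> dict:
    # Stands in for an HTTPS GET; the IdP now publishes only the new certificate.
    docs = {META_URL: {"issuer": "https://idp.example.test/adfs", "jwks_uri": JWKS_URL},
            JWKS_URL: {"keys": [{"kty": "RSA", "use": "sig", "kid": thumbprint(NEW_CERT),
                                 "x5c": [base64.b64encode(NEW_CERT).decode()]}]}}
    return docs[url]

if __name__ == "__main__":
    rotated = make_token(NEW_CERT)
    print("static :", resolve_static(rotated, OLD_CERT))
    print("dynamic:", resolve_dynamic(rotated, META_URL, idp_after_rotation))
```

With a Static configuration, tokens signed after rotation resolve to no trusted key until the new certificate is pasted into the OAuth Token Certificate field.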