Identity Provider

This is work in progress

We are constantly working on improving Domino REST API's functionality and documentation. You have a documentation page which is not quite ready. Feel free to feedback what you would like to see here.

Topics to guide you in completing goals and tasks about Identity Provider in relation to Domino REST API:

• Configure Domino Rest API IdP

• Configure Domino REST API to use an OIDC Provider

• Configure Domino REST API to use Domino 14.5 as OIDC provider

• Configure Microsoft Entra ID as IdP

• Configure certificates

• Configure an identity provider

• Configure Keycloak

• Configure Domino REST API as SAML identity provider

• Set up an External IdP for Office Round Trip Experience

• Set up an External IdP for Admin UI login

Client Ids

When configuring an external identity provider using OpenID Connect (OIDC) or OIDC-idpcat with HCL Domino and the Domino REST API, you must specify a client ID. The default recommendation is to use Domino as the client ID for the Domino REST API server. However, your identity provider administrator might require a different value depending on your organization’s configuration.

Separate client IDs (application registrations) are required to support the Admin UI and Office Forms Based Authentication (OFBA). To support these features, configure at least the following clients in your identity provider:

• A client used by the Domino REST API server. You can name the client Domino or any descriptive name. The client secret might be managed through idpcat.nsf.
• A client used by the Domino REST API Admin UI. You can name the client keepadminui or any descriptive name. Configure this client if you want administrators to authenticate through the external identity provider.
• A client used for OFBA round-trip editing of Office documents. You can name the client keepofba or any descriptive name.

You should also create separate clients for each custom application that connects to the Domino REST API.