IDP
An IDP, or Identity Provider, is a service that is responsible for authenticating users in a system that uses the OpenID Connect (OIDC) protocol. In the context of Horizon, the IDP is used to authenticate users when they log in to the system. Horizon does not store user information itself, but instead relies on the IDP to provide the necessary information about the user.
Adding an IDP
- Generate an application ID and secret in the IDP system.
- Click more at the top of the page.
- Select the admin option.
- In the left sidebar, choose IDPs.
- Click the New login method with OIDC button.
- Enter the IDP's name, display name, and discovery endpoint.
- Enter the application ID and secret.
- Enter the scopes (such as profile, email, and openid).
- Click Submit.
- Test the OIDC configuration by attempting to link with the new configuration in your personal space.
If the IDP system does not support a discovery service, you can omit the discovery endpoint and enter the other information manually. If multiple IDPs are configured, users need to manually link to the new IDP rather than log in with it directly, because logging in directly results in two different accounts in Horizon.
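Before entering a discovery endpoint, it is worth checking the document it serves. The following is an added example, not Horizon's own code: it checks that the issuer matches the discovery URL, that the endpoints use https, and that the scopes you plan to enter are advertised. The host idp.example.com, the sample document and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Endpoints named on this page, as spelled in OIDC discovery metadata.
ENDPOINT_FIELDS = ("authorization_endpoint", "userinfo_endpoint")

# Constructed sample values (idp.example.com is a placeholder, not a real provider).
SAMPLE_URL = "https://idp.example.com" + WELL_KNOWN
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth/authorize",
    "userinfo_endpoint": "https://idp.example.com/oauth/userinfo",
    "scopes_supported": ["openid", "profile", "email"],
})


def is_https(url):
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)


def check_discovery(discovery_url, raw_doc, wanted_scopes):
    """Return a list of problems; an empty list means the document passed."""
    doc = json.loads(raw_doc)
    problems = []
    issuer = str(doc.get("issuer", ""))
    if not is_https(issuer):
        problems.append("issuer is missing or not https")
    # The issuer must be the discovery URL minus the well-known suffix;
    # otherwise the document describes a different provider.
    if issuer.rstrip("/") + WELL_KNOWN != discovery_url:
        problems.append("issuer does not match the discovery URL")
    for field in ENDPOINT_FIELDS:
        if not is_https(str(doc.get(field, ""))):
            problems.append(field + " is missing or not https")
    if "openid" not in wanted_scopes:
        problems.append("the openid scope is required for OIDC")
    supported = doc.get("scopes_supported")
    if supported is not None:  # optional metadata; check only when advertised
        for scope in wanted_scopes:
            if scope not in supported:
                problems.append("scope not advertised: " + scope)
    return problems


if __name__ == "__main__":
    for line in check_discovery(SAMPLE_URL, SAMPLE_DOC, ["openid", "profile", "email"]) or ["ok"]:
        print(line)
```

The values the check reads (issuer, authorization endpoint, userinfo endpoint) are the same ones to enter by hand when the provider has no discovery endpoint.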
GitLab as IDP
The following picture demonstrates how to add GitLab as an IDP.
If you don't have a discovery endpoint for your OIDC provider, you can manually specify the authorization endpoint, userinfo endpoint, and issuer for your provider.
Deleting an IDP
To delete an IDP:
- Click more at the top of the page.
- Select the admin option.
- In the left sidebar, choose IDPs.
- Select the appropriate IDP and click Delete.