The ILM Collector and Fulfiller supports only the Generate Bearer/Access Token method for authentication. It is compatible with both the Client Credentials and Password Grant flows. For the current phase of OpenText Identity Governance and OpenText Core Identity Lifecycle Manager, we recommend password flow as the authentication method.
Roles and Access: As part of the Password Grant flow, you must create user credentials in OpenText Core Identity Lifecycle Manager with the default role and sync it to OpenText Advanced Authentication. The user name and password along with the client ID and client secret are required for the Password Grant flow.
Client ID and Client Secret: Log in to your OpenText Advanced Authentication tenant. Within the tenant, open ILMOauthApp and retrieve the Client ID and Client Secret from the application. Additionally, copy the user name and password of the user you created in OpenText Core Identity Lifecycle Manager and synced to OpenText Advanced Authentication. You will need to enter them when configuring the template for password (resource owner credential) flow.
Other Service Parameters: Make sure your base URL matches with the validation URL of OpenText Core Identity Lifecycle Manager. When selecting the credential flow, use the oauth2_aud_base value as your Resource to specify the audience for which the authentication token is being requested. It indicates the API or service to which the token is intended to grant access. The audience typically refers to the unique identifier (such as the URI) of the resource or API you are trying to access.
When using Cloud Bridge, you must also specify a unique ordinal for each authentication method. Use the following table to understand the ordinal number that you need to specify for the Generate Bearer Token field.
The following table lists the available authentication types and related credentials:
|
Ordinal (Credential Position) |
Authentication Type |
Credential Set |
|---|---|---|
|
5 |
Bearer Token |
|
|
6 |
Bearer Token |
|