Requirements for Identity Provider Integration with PROXY Pro
PROXY Pro RAS v10.0 includes a new Identity Manager component that centralizes all authentication and directory search logic for the Server product (Web Console and Gateway Server). In v10.0, the built-in integrations are:
Computer directory services via Active Directory lookup (for Host Grouping by AD OU)
User directory services (user accounts and user groups) via:
PROXY Pro v10.0 requires the following information from an OIDC provider:
PROXY Pro usage
OIDC Claims (in order examined)
Id (unique account ID)
sub, oid
Account Name
upn, unique_name
Friendly Name (optional)
name
Email Address (optional)
email
Group Membership
groups
In v10.0 first release, the OpenID Connect integration assumes that the integration is with Microsoft Azure AD. When this is generalized, the following parameters will be configurable:
Parameter
Azure AD Example
OIDC Root URL
https://login.microsoftonline.com/
Domain Name
In Azure case, DNS name of domain, e.g. “proxynetworks.com”, appended to OIDC Root URL (e.g. https://login.microsoftonline.com/proxynetworks.com/).
Client ID
Now called “Application ID” in Azure, identifies the PROXY Pro Server application instance
Application Key
Now called “Password” in Azure, allows application instance to authenticate to Azure services