{ "componentChunkName": "component---src-templates-docs-js", "path": "/ssocatalog/Azure", "result": {"data":{"site":{"siteMetadata":{"title":"OpenIAM Documentation v2026.5.2 | OpenIAM","docsLocation":""}},"mdx":{"fields":{"id":"f78646d4-15fc-5bd0-b03b-08b4ee55d559","title":"Azure SSO","slug":"/ssocatalog/Azure"},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n \"title\": \"Azure SSO\",\n \"metaTitle\": \"Azure SSO\",\n \"metaDescription\": \"This page describes how to enable SSO with Azure\"\n};\nvar layoutProps = {\n _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n var components = _ref.components,\n props = _objectWithoutProperties(_ref, _excluded);\n\n return mdx(MDXLayout, _extends({}, layoutProps, props, {\n components: components,\n mdxType: \"MDXLayout\"\n }), mdx(\"p\", null, \"There are two possible configuration scenarios for Azure SSO:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"Azure is IDP and OpenIAM is SP.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Azure is SP and OpenIAM is IDP.\")), mdx(\"p\", null, \"In the first case when a user is trying to reach OpenIAM and this user is not authenticated - user is being redirected to Azure and is asked to log in to Azure. After the user logs in, it redirects back to OpenIAM where it gets access to all OpenIAM resources that are available for this user.\"), mdx(\"p\", null, \"When Azure is SP (Service Provider) and the user tries to log in to Azure not being authenticated - it is being redirected to OpenIAM and should log in using OpenIAM credentials. When this is done the user is redirected back to Azure and can access own account.\"), mdx(\"h1\", null, \"Azure is IDP and OpenIAM is SP\"), mdx(\"p\", null, \"This tutorial is split into 2 parts - configuring Azure side and configuring OpenIAM side.\"), mdx(\"h3\", null, \"Configuring Azure\"), mdx(\"p\", null, \"Firstly, go to Azure Active Directory and select \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Enterprise Applications\"), \" menu item.\"), mdx(\"p\", null, mdx(\"img\", {\n parentName: \"p\",\n \"src\": \"/docs-2026.5.2/1983d09a4bf8c0bd9b174749305a7bbf/1.jpg\",\n \"alt\": \"Azure AD Enterprise APP\"\n })), mdx(\"p\", null, \"There, select \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"New Application\"), \".\"), mdx(\"p\", null, mdx(\"img\", {\n parentName: \"p\",\n \"src\": \"/docs-2026.5.2/ef858708a34a75a5376fe6dd7a066319/2.jpg\",\n \"alt\": \"Creating enterprise application for OpenIAM SSO\"\n })), mdx(\"p\", null, \"There you will see \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Create your own application\"), \". Having selected this, give your application some name. This could be any name that makes sense for you. After, select the radio button saying that this will be a custom application.\"), mdx(\"p\", null, mdx(\"img\", {\n parentName: \"p\",\n \"src\": \"/docs-2026.5.2/b8e41d4fd69e34ffa1a1a72d0dcaa201/3.jpg\",\n \"alt\": \"Creating custom application for SSO\"\n })), mdx(\"p\", null, \"After application is created, you would need to go to \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Single sign-on\"), \" menu item and press \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"SAML\"), \".\"), mdx(\"p\", null, mdx(\"img\", {\n parentName: \"p\",\n \"src\": \"/docs-2026.5.2/7e5964296ac7cb1589265b16fc615056/4.jpg\",\n \"alt\": \"SAML configuration\"\n })), mdx(\"p\", null, \"There you need to define basic SAML settings similarly to below. Please note, below values are just examples and you will need to put your values. Explanation of values will be given below.\"), mdx(\"p\", null, mdx(\"img\", {\n parentName: \"p\",\n \"src\": \"/docs-2026.5.2/7a05b60f180f9ad1f1636173650a39c1/5.jpg\",\n \"alt\": \"Configuration Azure SSO example\"\n })), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Identifier\"), \" (Entity ID) - should be some value that uniquely identifies your application (this will become \", mdx(\"em\", {\n parentName: \"li\"\n }, \"SAML Issuer Name\"), \" in OpenIAM configuration)\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Reply URL\"), \" (Assertion Consumer Service URL) - should follow pattern https://{OpenIAMAddress}/idp/saml2/sp/login.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Sign on URL\"), \" - should be the same as above, but include \", mdx(\"em\", {\n parentName: \"li\"\n }, \"issuer\"), \" parameter that should be equal to identifier. Example: https://{OpenIAMAddress}/idp/saml2/sp/login?issuer=identifierOfApplication.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Logout URL\"), \" - should follow pattern https://{OpenIAMAddress}/idp/saml2/sp/logout.\")), mdx(\"p\", null, \"You can leave the rest of the parameters by default. You will also need parameters from section 4 of this page for configuring the OpenIAM part.\"), mdx(\"p\", null, \"Finally, from the Azure SSO setup, \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"collect the \", mdx(\"inlineCode\", {\n parentName: \"strong\"\n }, \".pem\"), \" file\"), \". \"), mdx(\"h3\", null, \"Configuring OpenIAM\"), mdx(\"p\", null, \"To create an authentication provider, use \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Add OpenIAM as service provider to your IDP\"), \" option.\"), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"1035px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/2ff521515978e5e8cd0c84075d3600e8/60ab9/7.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"58.687258687258684%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAMCAYAAABiDJ37AAAACXBIWXMAABYlAAAWJQFJUiTwAAABrUlEQVQoz6WSa1PaQBSG8/8/yVTboS2tH7VitbZSEocQRUa5iNhSP3R6UwGBEJNQyQUSns4u1Fo7TJ32zDzzZnffnD1zzir67gFarkAcjfnf8PwAZStbYCOzh2ZUJGq+jGrcH80ok9VL5Is1LNtF0fcOyWgGmZ1dtHwRVd9H1Yt32J+L+CebK2AUq9OE4AED4Brw7yDOhrOzeXgzneD5IYrrDjDNPrZtE4YjRqMx47EgYjL5e9+iKCaKY+I4nvYwCAJ830fo7W+RzR18p1R9x1H9g6R63JDU6qccVk74dt6SSSezm23HRQnD8Ldk4safhstOj/SmylZG503WYHM7x+u3eV7NtHXZlT5RnYhuzxQ9nB/XQ4+Dcp1K7b2sTOjRcYNS9YTG6cc//GbfQvn05YLPZ20uWl2a7V+IdbtjYl259C3nBlPolUOvb0uP4LzZkd52p4uylEqTSK7waHmDxdQ6iSdrJB5PWUi+YCG5ymIqzYOnt1mTe0vP1nn4/KVcL69s8/WsiTIahQS+d1O2mO6/xtDzUSzLwnEcORTxXISKQUVRJJst9D4Ir0j4Awc5b1kgWc5yAAAAAElFTkSuQmCC')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"Authentication provider configuration\",\n \"title\": \"Authentication provider configuration\",\n \"src\": \"/docs-2026.5.2/static/2ff521515978e5e8cd0c84075d3600e8/e3189/7.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/2ff521515978e5e8cd0c84075d3600e8/a2ead/7.png 259w\", \"/docs-2026.5.2/static/2ff521515978e5e8cd0c84075d3600e8/6b9fd/7.png 518w\", \"/docs-2026.5.2/static/2ff521515978e5e8cd0c84075d3600e8/e3189/7.png 1035w\", \"/docs-2026.5.2/static/2ff521515978e5e8cd0c84075d3600e8/44d59/7.png 1553w\", \"/docs-2026.5.2/static/2ff521515978e5e8cd0c84075d3600e8/a6d66/7.png 2070w\", \"/docs-2026.5.2/static/2ff521515978e5e8cd0c84075d3600e8/60ab9/7.png 2450w\"],\n \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \"), \"\\n\", mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"1035px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/89ac09368b947dd70a12aad02a7cb7df/3162c/8.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"48.26254826254826%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAKCAYAAAC0VX7mAAAACXBIWXMAABYlAAAWJQFJUiTwAAABKElEQVQoz6WSbUvDMBSF+/9/hrKhg234RbHDX6BubIxN2BcFFa0zbZeXm5c2RxKdq+JYwcAhgdw895wkibEW73mJm8kc4+kCs8UKt9MFrsdzjGdL3K3uW+oBj8+vSBQZPL2scTIc4XSYond2he5ghOPeBY565+j0L9EdpAfV6aeYzJZIslxAaQdfWcBX+M8oihJJxgSEMuCbDfKigHMOUioQaVRVBevcYVmLuq6Rva2/gGSglARjDKQUSBsY81nURqGx9x4bzn8Cy7IEvIcQhKKUsTCoLdhat4sspUTOWNwI7kL0IGNMK1hwGM41HCpIIeLlam2gtY7A39H2A+sdUJKBEDw+TBMY3AXoFtRc/9Uo/OnvyEQKnPNoPcCIKM5NQHjNfS63Dj8AP1P6umJVBuMAAAAASUVORK5CYII=')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"Authentication provider configuration\",\n \"title\": \"Authentication provider configuration\",\n \"src\": \"/docs-2026.5.2/static/89ac09368b947dd70a12aad02a7cb7df/e3189/8.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/89ac09368b947dd70a12aad02a7cb7df/a2ead/8.png 259w\", \"/docs-2026.5.2/static/89ac09368b947dd70a12aad02a7cb7df/6b9fd/8.png 518w\", \"/docs-2026.5.2/static/89ac09368b947dd70a12aad02a7cb7df/e3189/8.png 1035w\", \"/docs-2026.5.2/static/89ac09368b947dd70a12aad02a7cb7df/44d59/8.png 1553w\", \"/docs-2026.5.2/static/89ac09368b947dd70a12aad02a7cb7df/a6d66/8.png 2070w\", \"/docs-2026.5.2/static/89ac09368b947dd70a12aad02a7cb7df/3162c/8.png 2750w\"],\n \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"Create a role (or group) in OpenIAM and in its entitlements link it with the resource of the authentication provider. Assign the test user the role (or group) to a test user.\"), mdx(\"h2\", null, \"Uploading/Updating the Azure SSO Certificate in OpenIAM\"), mdx(\"p\", null, \"In webconsole go to \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Access Control\"), \" > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Authentication Providers\"), \" > open the \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Azure SSO setup\"), \" > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Signature\"), \" section > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Upload\"), \" the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \".pem\"), \" file.\"), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"654px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/dbb96ec2f46253612efc0ac64e4e68e8/68e9c/Azure-02-pem-file.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"11.583011583011583%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAACCAYAAABYBvyLAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAVElEQVQI112MQQ7AIAgE/f9TbYX2oB5k2QYNl24y2SEQCmC85OV1N7Z2qLVSRbeLCFWVj5659845J8cYXGsx4u7MFACkg9FBLNNhRjPbnp03yf/hB/zfnFhmjOWnAAAAAElFTkSuQmCC')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \".pem file\",\n \"title\": \".pem file\",\n \"src\": \"/docs-2026.5.2/static/dbb96ec2f46253612efc0ac64e4e68e8/68e9c/Azure-02-pem-file.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/dbb96ec2f46253612efc0ac64e4e68e8/a2ead/Azure-02-pem-file.png 259w\", \"/docs-2026.5.2/static/dbb96ec2f46253612efc0ac64e4e68e8/6b9fd/Azure-02-pem-file.png 518w\", \"/docs-2026.5.2/static/dbb96ec2f46253612efc0ac64e4e68e8/68e9c/Azure-02-pem-file.png 654w\"],\n \"sizes\": \"(max-width: 654px) 100vw, 654px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"h3\", null, \"Validating configuration\"), mdx(\"p\", null, \"To validate configuration, go to your Enterprise application in \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Azure\"), \" > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Single sign-on\"), \" > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"SAML\"), \" and select \", mdx(\"em\", {\n parentName: \"p\"\n }, \"Test\"), \" in configuration section 5, as indicated below\"), mdx(\"p\", null, mdx(\"img\", {\n parentName: \"p\",\n \"src\": \"/docs-2026.5.2/ff16334e1f45989862c36d8ebc0cab46/6.jpg\",\n \"alt\": \"Validating SSO\"\n })), mdx(\"h3\", null, \"Additional information\"), mdx(\"p\", null, \"By default, Azure users should be explicitly assigned to your application to be able to sign in using SAML. You can add new users or groups using your Enterprise application in \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Azure\"), \" > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Users and Groups\"), \". Or if you want to allow anyone to access this application inside your organization (without setting users explicitly), go to your Enterprise application in \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Azure\"), \" > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Properties\"), \" > set \", mdx(\"em\", {\n parentName: \"p\"\n }, \"Assignment required?\"), \" to \", mdx(\"em\", {\n parentName: \"p\"\n }, \"No\"), \".\"), mdx(\"p\", null, \"If you would like to redirect users from login page of OpenIAM automatically to Azure login page you should add redirection URL for pattern idp/login in needed content provider like:\"), mdx(\"p\", null, mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"https://demo.openiam.com/idp/saml2/sp/login?issuer=my_issuer\"\n }, \"https://demo.openiam.com/idp/saml2/sp/login?issuer=my_issuer\")), mdx(\"h1\", null, \"Azure is SP and OpenIAM is IDP\"), mdx(\"p\", null, \"For this scenario, You will need to run a PowerShell session to make configurations below. Hence, begin with starting the PowerShell console.\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Try to load \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Graph\"), \" module with the following command.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Import-Module Microsoft.Graph\\n\")), mdx(\"p\", null, \"If you see errors after running command above - install \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Microsoft.Graph\"), \" module with the command below.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Install-Module Microsoft.Graph\\n\")), mdx(\"ol\", {\n \"start\": 2\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Another pre-requisite step is connecting to your Azure tenant with the following commands.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Connect-MgGraph -Scopes \\\"Domain.ReadWrite.All\\\", \\\"Directory.AccessAsUser.All\\\", \\\"Directory.ReadWrite.All\\\", \\\"User.ReadWrite.All\\\"\\n\")), mdx(\"p\", null, \"Scopes above allow you to perform actions with domains and users to change their settings.\"), mdx(\"ol\", {\n \"start\": 3\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Take certificate that was issued on OpenIAM side on the \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"previous steps\"), \" and load it to a \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"PowerShell variable\"), \" by means of command below.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"[string]$cer = Get-Content \\\"path_to_downloaded_certificate_from_OpenIAM\\\"\\n\")), mdx(\"ol\", {\n \"start\": 4\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Run commands similar to ones given below. Please, pay attention that you would need to set \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"your own\"), \" values. In commands below we have used following just as \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"examples\"), \":\")), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"openiamdemo.com - this is a domain name that you are going to federate with OpenIAM.\")), mdx(\"div\", {\n style: {\n \"border\": \"1px solid #169998\",\n \"marginTop\": \"15px\",\n \"marginBottom\": \"15px\",\n \"paddingTop\": \"10px\",\n \"paddingBottom\": \"10px\",\n \"paddingLeft\": \"5px\",\n \"paddingRight\": \"5px\"\n }\n }, mdx(\"span\", {\n style: {\n \"color\": \"#169998\",\n \"fontWeight\": \"bold\"\n }\n }, \"Important!\"), \" Please make sure that your domain is in \", mdx(\"span\", {\n style: {\n \"fontWeight\": \"bold\"\n }\n }, \"lowercase only\"), \". Having differences in lower-/uppercase may cause \\u201CAADSTS50107\\u201D error on the Azure side.\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"a\", {\n parentName: \"li\",\n \"href\": \"https://demo.openiamdemo.com/\"\n }, \"https://demo.openiamdemo.com/\"), \" - please replace this value with your OpenIAM instance address.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"The \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"IssuerUri\"), \" parameter should include an identifier that should be given from the OpenIAM side.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"$cer\"), \" - is the certificate that was loaded above.\")), mdx(\"p\", null, \"Please also pay attention that OpenIAM addresses should work \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"using https protocol\"), \" as per Microsoft requirement. Otherwise you \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"will not\"), \" see errors, but you also \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"will not\"), \" get a solution working.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"New-MgDomainFederationConfiguration -DomainId \\\"openiamdemo.com\\\" -ActiveSignInUri \\\"https://demo.openiam.com/idp/saml2/idp/login\\\" -PassiveSignInUri \\\"https://demo.openiam.com/idp/saml2/idp/login\\\" -IssuerUri \\\"https://demo.openiam.com/idp/saml2/idp/login/ea8081f397a1de3d01987a2748493925\\\" -SignOutUri \\\"https://demo.openiam.com/idp/saml2/idp/logout\\\" -PreferredAuthenticationProtocol \\\"saml\\\" -SigningCertificate $cer -FederatedIdpMfaBehavior \\\"rejectMfaByFederatedIdp\\\"\\n\")), mdx(\"p\", null, \"It may take around \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"15 minutes\"), \" for configuration to be applied and it may get applied faster/slower in one region than in others. To test you can try to access any Azure/O365 service (for example, portal.office.com) and input any \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"username@[yourdomain]\"), \" where \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"yourdomain\"), \" is the domain name that you configured for federation. Instead of a window for a password input you should get redirected to OpenIAM.\"), mdx(\"h4\", null, \"Verifying federation parameters\"), mdx(\"p\", null, \"To verify federation parameters, you can run a command similarly to a below one (please replace domain with your one).\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-MgDomainFederationConfiguration -DomainId [Your_domain] | Select-Object *\\n\")), mdx(\"h4\", null, \"Removing federation configuration\"), mdx(\"p\", null, \"To remove domain federation, you can run a following command.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Remove-MgDomainFederationConfiguration -DomainId [Your_domain] -InternalDomainFederationId [Federation-ID]\\n\")), mdx(\"p\", null, \"You can get \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Federation-ID\"), \" by running a command that is described in the \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Verifying federation parameters\"), \" section above.\"), mdx(\"h2\", null, \"User sign on requirements\"), mdx(\"p\", null, \"To be able to sign in to Azure using OpenIAM as IdP an Azure user should have an \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"ImmutableId\"), \" (\", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"OnPremisesImmutableId\"), \" is property of \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Microsoft.Graph\"), \" module) defined in its profile that should match the value defined in OpenIAM.\"), mdx(\"p\", null, \"When you configure federation for the first time and you \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"already have\"), \" some existing users in your tenant most probably you will need to set an \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"ImmutableId\"), \" for your user(s). You can validate if your user has the below property defined with the commands below.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-MgUser -UserId [your_user]@[your_domain] -Property OnPremisesImmutableId | Format-List *\\n\")), mdx(\"p\", null, \"If \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"OnPremisesImmutableId\"), \" is empty you will need to set it. You can use the same value as the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"UserPrincipalName\"), \". To update this property you can use the following.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Update-MgUser -UserId [your_user]@[your_domain] -OnPremisesImmutableId [your_user]@[your_domain]\\n\")), mdx(\"h2\", null, \"Troubleshooting\"), mdx(\"p\", null, \"Below is the list of most frequent errors that was encountered during the federation setup.\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AADSTS50107\"), \" error it may mean that while setting up federation you might have specified the `DomainName\\u2019 parameter \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"not\"), \" in the lowercase.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AADSTS51004\"), \":\", mdx(\"strong\", {\n parentName: \"li\"\n }, \"The user account \\u2026 does not exist in \\u2026\"), \". Your user does not have \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"OnPremisesImmutableId\"), \" parameter and that is why Azure cannot make a match between your OpenIAM user and an Azure one.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Insufficient privileges to complete the operation\"), \". It is either your user does not have sufficient permissions or you did not set \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"-Scopes\"), \" parameter while running \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Connect-MgGraph\"), \".\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"After installing \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Graph\"), \" module you still see an error when you want to use it: \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"[\\u2026]\", \" is not recognized as the name of cmdlet, function\\u2026\"), \". Please make sure that you do not run x86 PowerShell console, but a regular (x64) one.\")), mdx(\"h1\", null, \"Just-In-Time provisioning\"), mdx(\"p\", null, \"Just-In-Time (JIT) provisioning in the context of Security Assertion Markup Language (SAML) refers to the process of creating a user account in an application or system at the moment of user authentication if the account does not already exist. Instead of pre-provisioning user accounts in every service or application, the service can automatically create an account based on the information provided in the SAML assertion when the user logs in for the first time. This can simplify the onboarding process for new users and reduce administrative overhead.\"), mdx(\"p\", null, \"Here's how JIT provisioning generally works in the context of SAML:\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Initial Login\"), \": A user tries to access a service provider (SP), but they don't have an account there.\"), mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"SAML Authentication\"), \": The service provider redirects the user to the identity provider (IdP) to authenticate. The user logs in to the IdP.\"), mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"SAML Assertion\"), \": Upon successful authentication, the IdP sends a SAML assertion back to the service provider. This assertion contains the user's attributes, like their name, email, roles, or any other necessary information.\"), mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Account Creation\"), \": The service provider checks if there's an existing account for the user. If not, it uses the information from the SAML assertion to automatically create a new user account.\"), mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Access Granted\"), \": The user gains access to the service, either using their pre-existing account or the newly created one.\")), mdx(\"p\", null, \"Benefits of JIT provisioning include:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Reduced Administrative Overhead\"), \": No need to manually create accounts for each user in advance.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Seamless User Experience\"), \": New users can get immediate access to services without waiting for accounts to be set up.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Reduced Orphaned Accounts\"), \": Since accounts are created when needed, there's a lower chance of having unused accounts that can be a security risk.\")), mdx(\"p\", null, \"However, it's worth noting that JIT provisioning can also introduce challenges, such as:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Attribute Mapping\"), \": Ensuring that attributes provided by the IdP match what's expected by the SP.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"De-provisioning\"), \": While JIT handles automatic account creation, it doesn't address the removal of accounts when users leave an organization or change roles.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Role Management\"), \": The SAML assertion should provide enough information to assign the correct roles or permissions, which might require coordination between the SP and IdP.\")), mdx(\"p\", null, \"When implementing JIT provisioning with SAML, it's essential to plan out the provisioning process, handle potential edge cases, and ensure that the security implications of automatic account creation are fully understood and addressed.\"), mdx(\"p\", null, \"The JIT provisioning can be configured by inserting a respective groovy script in the service provider editing window, as indicated below.\"), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"1035px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/35b530e773216b3353a9b3adf4919b9c/c4451/Azure-01-JIT-groovy.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"15.83011583011583%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAADCAYAAACTWi8uAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAh0lEQVQI153KwQqCQACE4X1s61AHt4MaK5S7a1gYaJkQPUiHLkGdeoOgrsHiH5V57NDABzMwYn84MQzn+CpHxksGQUZPWvqjFE9aPN+89y+vz5c4ni+YfMckq9GLLSqtCKYFYVKgbEU8q4l0SaRXrZIoKbs+NmvidNMRtLnfroD7aByNe/BPnjghvJg2jBr0AAAAAElFTkSuQmCC')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"JIT groovy\",\n \"title\": \"JIT groovy\",\n \"src\": \"/docs-2026.5.2/static/35b530e773216b3353a9b3adf4919b9c/e3189/Azure-01-JIT-groovy.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/35b530e773216b3353a9b3adf4919b9c/a2ead/Azure-01-JIT-groovy.png 259w\", \"/docs-2026.5.2/static/35b530e773216b3353a9b3adf4919b9c/6b9fd/Azure-01-JIT-groovy.png 518w\", \"/docs-2026.5.2/static/35b530e773216b3353a9b3adf4919b9c/e3189/Azure-01-JIT-groovy.png 1035w\", \"/docs-2026.5.2/static/35b530e773216b3353a9b3adf4919b9c/c4451/Azure-01-JIT-groovy.png 1450w\"],\n \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"The example of a respective groovy script is given below.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"import org.apache.commons.lang.StringUtils\\nimport org.openiam.base.response.list.GroupListResponse\\nimport org.openiam.base.response.list.RoleListResponse\\nimport org.openiam.base.ws.MatchType\\nimport org.openiam.base.ws.SearchParam\\nimport org.openiam.idm.searchbeans.GroupSearchBean\\nimport org.openiam.idm.searchbeans.RoleSearchBean\\nimport org.openiam.idm.srvc.role.dto.Role\\nimport org.openiam.idm.srvc.user.dto.UserStatusEnum\\nimport org.openiam.srvc.am.GroupDataWebService\\nimport org.openiam.srvc.am.RoleDataWebService\\nimport org.springframework.context.ApplicationContext\\n\\nimport javax.annotation.Resource\\nimport java.util.List;\\n\\nimport org.openiam.idm.srvc.meta.dto.MetadataType;\\nimport org.openiam.idm.srvc.user.dto.User;\\nimport org.openiam.ui.groovy.saml.AbstractJustInTimeSAMLAuthenticator;\\nimport org.opensaml.saml2.core.Attribute;\\nimport org.opensaml.xml.schema.XSString;\\nimport org.opensaml.xml.schema.XSInteger;\\nimport org.apache.commons.collections4.CollectionUtils;\\nimport org.apache.commons.lang3.RandomStringUtils;\\nimport org.opensaml.xml.schema.impl.XSAnyImpl;\\n\\nclass TestJustInTimeSAMLAuthenticator extends AbstractJustInTimeSAMLAuthenticator {\\n\\n final private String userTypeId = \\\"DEFAULT_USER\\\"; // user type\\n final private String accessRoleId = \\\"\\\"; // role id to link user with auth provider\\n final private String managedSysId = \\\"\\\"; // managed sys id of your groups in OpenIAM\\n\\n @Resource(name = \\\"roleServiceClient\\\")\\n protected RoleDataWebService roleServiceClient;\\n\\n @Resource(name = \\\"groupServiceClient\\\")\\n protected GroupDataWebService groupServiceClient;\\n\\n @Override\\n protected MetadataType getEmailType(final List types) {\\n return types.get(0);\\n }\\n\\n @Override\\n protected String getFirstName() {\\n if (CollectionUtils.isNotEmpty(response.getAssertions()) && CollectionUtils.isNotEmpty(response.getAssertions().get(0).getAttributeStatements())) {\\n for (final Attribute attribute : response.getAssertions().get(0).getAttributeStatements().get(0).getAttributes()) {\\n if (\\\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\\\".equalsIgnoreCase(attribute.getName()))\\n return ((XSAnyImpl) attribute.getAttributeValues().get(0)).getTextContent();\\n }\\n }\\n return RandomStringUtils.randomAlphanumeric(5);\\n }\\n\\n @Override\\n protected String getLastName() {\\n if (CollectionUtils.isNotEmpty(response.getAssertions()) && CollectionUtils.isNotEmpty(response.getAssertions().get(0).getAttributeStatements())) {\\n for (final Attribute attribute : response.getAssertions().get(0).getAttributeStatements().get(0).getAttributes()) {\\n if (\\\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\\\".equalsIgnoreCase(attribute.getName()))\\n return ((XSAnyImpl) attribute.getAttributeValues().get(0)).getTextContent();\\n }\\n }\\n return RandomStringUtils.randomAlphanumeric(5);\\n }\\n\\n @Override\\n protected String getEmail() {\\n if (CollectionUtils.isNotEmpty(response.getAssertions()) && CollectionUtils.isNotEmpty(response.getAssertions().get(0).getAttributeStatements())) {\\n for (final Attribute attribute : response.getAssertions().get(0).getAttributeStatements().get(0).getAttributes()) {\\n if (\\\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\\\".equalsIgnoreCase(attribute.getName()))\\n return ((XSAnyImpl) attribute.getAttributeValues().get(0)).getTextContent();\\n }\\n }\\n return null;\\n }\\n\\n protected void populate(final User user) {\\n user.setStatus(UserStatusEnum.ACTIVE);\\n user.mdTypeId = userTypeId;\\n user.addRole(accessRoleId);\\n\\n final List groupIds = this.getGroupsFromResponse();\\n if (CollectionUtils.isNotEmpty(groupIds)) {\\n groupIds.forEach {user.addGroup(this.getGroupIdByName(it, managedSysId))}\\n }\\n }\\n\\n private String getGroupIdByName(String name, String mngSysId) {\\n if (StringUtils.isNotBlank(name)) {\\n final GroupSearchBean groupSearchBean = new GroupSearchBean();\\n groupSearchBean.setNameToken(new SearchParam(name, MatchType.EXACT));\\n groupSearchBean.setManagedSysId(mngSysId)\\n final GroupListResponse response = groupServiceClient.findBeans(groupSearchBean, null, 0, 1);\\n if (response != null && CollectionUtils.isNotEmpty(response.getList())) {\\n return response.getList().get(0).getId();\\n }\\n }\\n return null;\\n }\\n\\n private List getGroupsFromResponse() {\\n final List roleNames = new ArrayList<>();\\n if (CollectionUtils.isNotEmpty(response.getAssertions()) && CollectionUtils.isNotEmpty(response.getAssertions().get(0).getAttributeStatements())) {\\n for (final Attribute attribute : response.getAssertions().get(0).getAttributeStatements().get(0).getAttributes()) {\\n if (\\\"attr_here\\\".equalsIgnoreCase(attribute.getName())) {\\n attribute.getAttributeValues().forEach {\\n roleNames.add(((XSAnyImpl) it).getTextContent());\\n }\\n }\\n }\\n }\\n return roleNames;\\n }\\n\\n private String getRoleIdByName(String name, String mngSysId) {\\n if (StringUtils.isNotBlank(name)) {\\n final RoleSearchBean roleSearchBean = new RoleSearchBean();\\n roleSearchBean.setNameToken(new SearchParam(name, MatchType.EXACT));\\n roleSearchBean.setManagedSysId(mngSysId);\\n final RoleListResponse response = roleServiceClient.findBeans(roleSearchBean, null, 0, 1);\\n if (response != null && CollectionUtils.isNotEmpty(response.getList())) {\\n return response.getList().get(0).getId();\\n }\\n }\\n return null;\\n }\\n\\n private String getRoleFromResponse() {\\n if (CollectionUtils.isNotEmpty(response.getAssertions()) && CollectionUtils.isNotEmpty(response.getAssertions().get(0).getAttributeStatements())) {\\n for (final Attribute attribute : response.getAssertions().get(0).getAttributeStatements().get(0).getAttributes()) {\\n if (\\\"attr_here\\\".equalsIgnoreCase(attribute.getName()))\\n return ((XSAnyImpl) attribute.getAttributeValues().get(0)).getTextContent();\\n }\\n }\\n return null;\\n }\\n}\\n\")));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#azure-is-idp-and-openiam-is-sp","title":"Azure is IDP and OpenIAM is SP","items":[{"items":[{"url":"#configuring-azure","title":"Configuring Azure"},{"url":"#configuring-openiam","title":"Configuring OpenIAM"}]},{"url":"#uploadingupdating-the-azure-sso-certificate-in-openiam","title":"Uploading/Updating the Azure SSO Certificate in OpenIAM","items":[{"url":"#validating-configuration","title":"Validating configuration"},{"url":"#additional-information","title":"Additional information"}]}]},{"url":"#azure-is-sp-and-openiam-is-idp","title":"Azure is SP and OpenIAM is IDP","items":[{"items":[{"items":[{"url":"#verifying-federation-parameters","title":"Verifying federation parameters"},{"url":"#removing-federation-configuration","title":"Removing federation configuration"}]}]},{"url":"#user-sign-on-requirements","title":"User sign on requirements"},{"url":"#troubleshooting","title":"Troubleshooting"}]},{"url":"#just-in-time-provisioning","title":"Just-In-Time provisioning"}]},"parent":{"relativePath":"ssocatalog/Azure.md"},"frontmatter":{"metaTitle":"Azure SSO","metaDescription":"This page describes how to enable SSO with Azure"}},"allMdx":{"edges":[{"node":{"fields":{"slug":"/changelog","title":"Change log"}}},{"node":{"fields":{"slug":"/appendix","title":"Appendix"}}},{"node":{"fields":{"slug":"/connectorconfig","title":"IdM Connectors"}}},{"node":{"fields":{"slug":"/admin","title":"Administration guide"}}},{"node":{"fields":{"slug":"/developerguide","title":"Developer Guide"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice","title":"End user guide for SelfService portal"}}},{"node":{"fields":{"slug":"/getting-started","title":"Getting Started"}}},{"node":{"fields":{"slug":"/troubleshooting","title":"FAQ / Troubleshooting"}}},{"node":{"fields":{"slug":"/whatsnew","title":"What's new in OpenIAM"}}},{"node":{"fields":{"slug":"/ssocatalog","title":"SSO Catalog"}}},{"node":{"fields":{"slug":"/admin/0-login","title":"Logging in to the admin portal"}}},{"node":{"fields":{"slug":"/admin/1-exportimport","title":"Import / Export"}}},{"node":{"fields":{"slug":"/","title":"Welcome to the OpenIAM Documentation"}}},{"node":{"fields":{"slug":"/installation","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin","title":"User administration"}}},{"node":{"fields":{"slug":"/admin/12-administration","title":"Administration"}}},{"node":{"fields":{"slug":"/admin/10-consent-management","title":"Consent management"}}},{"node":{"fields":{"slug":"/admin/10-password","title":"Password policy"}}},{"node":{"fields":{"slug":"/admin/13-selfregistration","title":"Self-registration"}}},{"node":{"fields":{"slug":"/admin/15-audit","title":"Audit"}}},{"node":{"fields":{"slug":"/admin/14-Help.Desk.User.Profile.Protection","title":"HelpDesk profile protection"}}},{"node":{"fields":{"slug":"/admin/16-admin-pswd-change","title":"Password reset for administrator's account"}}},{"node":{"fields":{"slug":"/admin/18-services-passwd-change-k8","title":"Password update for OpenIAM services in Kubernetes"}}},{"node":{"fields":{"slug":"/admin/2-authentication","title":"Authentication"}}},{"node":{"fields":{"slug":"/admin/19-reports","title":"OpenIAM report services"}}},{"node":{"fields":{"slug":"/admin/21-graph-rebuild","title":"Rebuilding OpenIAM's in-memory authorization graph"}}},{"node":{"fields":{"slug":"/admin/3-authz","title":"Managing access"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/admin/20-virtual-tentant-by-org","title":"Enabling a virtual tenant by organization"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov","title":"Requests / Approval"}}},{"node":{"fields":{"slug":"/admin/22-token-session-util","title":"Session management utility for RPM"}}},{"node":{"fields":{"slug":"/admin/7-access-cert","title":"User access review"}}},{"node":{"fields":{"slug":"/admin/8-sso","title":"Federation / SSO to applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle","title":"Automated provisioning"}}},{"node":{"fields":{"slug":"/changelog/13-Release-4.2.1.7","title":"Release 4.2.1.7"}}},{"node":{"fields":{"slug":"/changelog/14-Release-4.2.1.8","title":"Release 4.2.1.8"}}},{"node":{"fields":{"slug":"/changelog/12-Release-4.2.1.6","title":"Release 4.2.1.6"}}},{"node":{"fields":{"slug":"/changelog/11-Release-4.2.1.5","title":"Release 4.2.1.5"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy","title":"Access gateway"}}},{"node":{"fields":{"slug":"/changelog/16-Release-4.2.1.10","title":"Release 4.2.1.10"}}},{"node":{"fields":{"slug":"/changelog/15-Release-4.2.1.9","title":"Release 4.2.1.9"}}},{"node":{"fields":{"slug":"/changelog/17-Release-4.2.1.11","title":"Release 4.2.1.11"}}},{"node":{"fields":{"slug":"/changelog/18-Release-4.2.1.12","title":"Release 4.2.1.12"}}},{"node":{"fields":{"slug":"/changelog/19-Release-4.2.1.13","title":"Release 4.2.1.13"}}},{"node":{"fields":{"slug":"/changelog/20-Release-4.2.1.14","title":"Release 4.2.1.14"}}},{"node":{"fields":{"slug":"/changelog/22-v2026.1.1","title":"Changelog for v2026.1.1"}}},{"node":{"fields":{"slug":"/appendix/1-self-signedcert","title":"Generate Self-signed Cert"}}},{"node":{"fields":{"slug":"/appendix/2-openssl","title":"Install OpenSSL"}}},{"node":{"fields":{"slug":"/changelog/23-v2026.5.2","title":"Changelog for v2026.5.2"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.1.15","title":"Release 4.2.1.15"}}},{"node":{"fields":{"slug":"/appendix/3-installopenldap","title":"Install OpenLDAP on Ubuntu"}}},{"node":{"fields":{"slug":"/connectorconfig/2-configparam","title":"Connector parameters"}}},{"node":{"fields":{"slug":"/connectorconfig/4-troubleshootingconnector","title":"Provisioning operations troubleshooting"}}},{"node":{"fields":{"slug":"/connectorconfig/JDBC","title":"JDBC connector"}}},{"node":{"fields":{"slug":"/connectorconfig/LDAP","title":"LDAP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/SAPUME","title":"SAP UME connector"}}},{"node":{"fields":{"slug":"/connectorconfig/adp","title":"ADP connector"}}},{"node":{"fields":{"slug":"/appendix/4-prepforprod","title":"Prepare for Production"}}},{"node":{"fields":{"slug":"/connectorconfig/aerospike","title":"Aerospike connector"}}},{"node":{"fields":{"slug":"/connectorconfig/freeIPA","title":"FreeIPA connector"}}},{"node":{"fields":{"slug":"/connectorconfig/gsuite","title":"GSuite connector"}}},{"node":{"fields":{"slug":"/connectorconfig/linux","title":"Linux connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aws","title":"AWS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracle","title":"Oracle RDBMS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft","title":"Microsoft Application Connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/oracleebs","title":"Oracle EBS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/postgresql","title":"PostgreSQL connector"}}},{"node":{"fields":{"slug":"/admin/17-services-manual-passwd-change","title":"Manual password update for OpenIAM services in RPM"}}},{"node":{"fields":{"slug":"/connectorconfig/sap","title":"SAP S/4 Hana connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector","title":"Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/salesforce","title":"Salesforce.com connector"}}},{"node":{"fields":{"slug":"/connectorconfig/tableau","title":"Tableau connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scim","title":"SCIM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/workday","title":"Workday connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css","title":"Customizing branding"}}},{"node":{"fields":{"slug":"/developerguide/10-OpenIAM-opensource-rep","title":"OpenIAM open source repository"}}},{"node":{"fields":{"slug":"/developerguide/11-groovy-scripts","title":"Groovy Script Management"}}},{"node":{"fields":{"slug":"/developerguide/2-api","title":"RESTful API"}}},{"node":{"fields":{"slug":"/developerguide/3-whitelisting","title":"Whitelisting packages"}}},{"node":{"fields":{"slug":"/developerguide/6-ide","title":"Script development using an IDE"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel","title":"Data model"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization","title":"Synchronization Scripts"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/1-login","title":"Logging in to SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice","title":"Operations via SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest","title":"Request management"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/6-singlesignon","title":"Single sign-on"}}},{"node":{"fields":{"slug":"/developerguide/4-scheduledtasks","title":"Batch/Scheduled tasks"}}},{"node":{"fields":{"slug":"/getting-started/1-what_is_openiam","title":"What is OpenIAM?"}}},{"node":{"fields":{"slug":"/getting-started/2-productarchitecture","title":"Platform architecture"}}},{"node":{"fields":{"slug":"/getting-started/3-install_openiam","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess","title":"User access rights"}}},{"node":{"fields":{"slug":"/getting-started/21-concepts","title":"Concepts"}}},{"node":{"fields":{"slug":"/getting-started/5-connecting","title":"Connecting to an authoritative source"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce","title":"Discovery questions"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning","title":"Automated user provisioning"}}},{"node":{"fields":{"slug":"/getting-started/8-openiam-with-IdP","title":"Integrating OpenIAM with your IdP"}}},{"node":{"fields":{"slug":"/getting-started/99-multifactor-authentication","title":"Configuring multi-factor authentication"}}},{"node":{"fields":{"slug":"/getting-started/9-openiam-as-IdP","title":"Integrating OpenIAM as your IdP"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation","title":"Deploying to Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/7-selfservice-pswd","title":"SelfService password reset"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation","title":"Deploying on OpenShift"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation","title":"Deploying via RPM on Linux"}}},{"node":{"fields":{"slug":"/installation/8-sizing","title":"Sizing recommendations"}}},{"node":{"fields":{"slug":"/installation/9-data_migration","title":"OpenIAM data migration"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation","title":"Deploying via Docker"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous","title":"Miscellaneous related articles"}}},{"node":{"fields":{"slug":"/ssocatalog/AWS","title":"AWS SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Freshdesk","title":"Freshdesk SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Gsuite","title":"GSuite SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Azure","title":"Azure SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Salesforce","title":"Salesforce.com"}}},{"node":{"fields":{"slug":"/ssocatalog/okta","title":"Okta SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Office365","title":"Office365 SSO"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster","title":"Cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment","title":"Environment"}}},{"node":{"fields":{"slug":"/troubleshooting/docker","title":"Docker Swarm"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors","title":"Connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/operational","title":"Operational"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm","title":"RPM"}}},{"node":{"fields":{"slug":"/whatsnew/1-v420","title":"New in v4.2.0.0"}}},{"node":{"fields":{"slug":"/troubleshooting/v3_update","title":"Update from V3.X to V4.X"}}},{"node":{"fields":{"slug":"/whatsnew/10-v4218","title":"New in v4.2.1.8"}}},{"node":{"fields":{"slug":"/whatsnew/11-v4219","title":"New in v4.2.1.9"}}},{"node":{"fields":{"slug":"/whatsnew/14-v42112","title":"New in v4.2.1.12"}}},{"node":{"fields":{"slug":"/whatsnew/15-v42113","title":"New in v4.2.1.13"}}},{"node":{"fields":{"slug":"/whatsnew/16-v42115","title":"New in v4.2.1.15"}}},{"node":{"fields":{"slug":"/whatsnew/16-v422","title":"New in v4.2.2"}}},{"node":{"fields":{"slug":"/whatsnew/13-v42111","title":"New in v4.2.1.11"}}},{"node":{"fields":{"slug":"/whatsnew/17-v2026.1.1","title":"New in v2026.1.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.3.1","title":"New in v2026.3.1"}}},{"node":{"fields":{"slug":"/whatsnew/12-v42110","title":"New in v4.2.1.10"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.2.1","title":"New in v2026.2.1"}}},{"node":{"fields":{"slug":"/whatsnew/19-v2026.3.2","title":"New in v2026.3.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.3.3","title":"New in 2026.3.3"}}},{"node":{"fields":{"slug":"/whatsnew/21-v2026.4.2","title":"New in v2026.4.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.4.1","title":"New in v2026.4.1"}}},{"node":{"fields":{"slug":"/whatsnew/22-v2026.5.2","title":"New in v2026.5.2"}}},{"node":{"fields":{"slug":"/whatsnew/8-v4216","title":"New in v4.2.1.6"}}},{"node":{"fields":{"slug":"/whatsnew/9-v4217","title":"New in v4.2.1.7"}}},{"node":{"fields":{"slug":"/whatsnew/7-v4215","title":"New in v4.2.1.5"}}},{"node":{"fields":{"slug":"/connectorconfig/rexx","title":"Rexx connector"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/10-bulkoperations","title":"Bulk operations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/1-createuser","title":"Creating a user"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/11-bulkentitlements","title":"Bulk operations with entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/13-unlock-account","title":"Unlocking an account"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/14-add-remove-entitlements","title":"Adding/Removing entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/15-rehireuserflow","title":"Rehire user flow"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/12-externaldelegation","title":"Organization level delegation"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/16-user-conversion","title":"User conversion"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/17-newhireworkflow","title":"New hire workflow configuration"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/18-creating-new-dept-division","title":"Creating a new department or division"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/3-adminoperations","title":"Administrative actions on a User"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration","title":"Configuring page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/2-usertypes","title":"Custom user types"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/5-finduser","title":"User search"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/8-serviceaccounts","title":"Service accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/7-customfields","title":"Custom fields"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/9-orphanmanagement","title":"Orphan management"}}},{"node":{"fields":{"slug":"/admin/10-password/1-pswd-compromised","title":"Password breach detection"}}},{"node":{"fields":{"slug":"/admin/12-administration/3-squence-generator","title":"Sequence generators"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/6-relatedAccount","title":"Related accounts"}}},{"node":{"fields":{"slug":"/admin/12-administration/4-otpconfig","title":"Configure OTP Provider"}}},{"node":{"fields":{"slug":"/admin/12-administration/6-languages","title":"Managing languages"}}},{"node":{"fields":{"slug":"/admin/12-administration/5-links","title":"External links on login page"}}},{"node":{"fields":{"slug":"/admin/12-administration/7-reconciliationhistory","title":"Reconciliation history"}}},{"node":{"fields":{"slug":"/admin/12-administration/8-aboutopenIAM-page","title":"About OpenIAM Page"}}},{"node":{"fields":{"slug":"/admin/12-administration/9-reindex_elasticsearch","title":"Reindex Opensearch"}}},{"node":{"fields":{"slug":"/admin/15-audit/2-audit-log-export-connector","title":"Audit log export connector"}}},{"node":{"fields":{"slug":"/admin/12-administration/99-heartbeat","title":"Heartbeat links"}}},{"node":{"fields":{"slug":"/admin/2-authentication/1-auth-overview","title":"Configuring authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/11-credentialprovider","title":"Credential provider"}}},{"node":{"fields":{"slug":"/admin/2-authentication/10-fidologin","title":"FIDO-2 authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/13-criiptoauth","title":"Criipto authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-account-unlock","title":"Setting up account unlock"}}},{"node":{"fields":{"slug":"/admin/15-audit/1-audit-events-interpret","title":"Audit events interpretation"}}},{"node":{"fields":{"slug":"/admin/2-authentication/14-duo-auth","title":"Duo authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/15-modernauth","title":"Microsoft Modern authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-certificateauth","title":"Configuring certificate-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/16-external-multiselect-auth","title":"External/multiselect authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-auth-policy","title":"Authentication policy"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-delegatedauth","title":"Managed System authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/21-dashboards","title":"Monitoring dashboards"}}},{"node":{"fields":{"slug":"/admin/2-authentication/3-passwordauth","title":"Password-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/9-adaptiveauth","title":"Adaptive authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/1-overview","title":"Introduction to access control"}}},{"node":{"fields":{"slug":"/admin/2-authentication/7-otp","title":"OTP over SMS or E-mail"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus","title":"Menus"}}},{"node":{"fields":{"slug":"/admin/3-authz/10-accessright","title":"Access rights"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social","title":"Social authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/11-contentprovider","title":"Content provider"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups","title":"Managing groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/4-types","title":"Metadata types"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-conflict-groups","title":"Conflict Groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/5-resources","title":"Managing resources"}}},{"node":{"fields":{"slug":"/admin/3-authz/8-accesstossoapps","title":"Access to SSO applications"}}},{"node":{"fields":{"slug":"/admin/3-authz/6-organization","title":"Managing organizations"}}},{"node":{"fields":{"slug":"/admin/3-authz/9-approvalflow","title":"Configuring approval workflows"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles","title":"Managing roles"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/1-Automated-applications","title":"Connected applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications","title":"Manual applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/10-managedsystemsimulation","title":"Managed system simulation mode"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config","title":"Configure Provisioning"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/12-LDAP-managedsys-config","title":"LDAP Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/2-incrementalsynch","title":"Incremental synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/3-recon","title":"Configure reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/6-managedsystem-config","title":"Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/4-birthright","title":"Birthright access"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/5-recon-groovy","title":"Groovy Scripts for Reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/8-importentitlements","title":"Import entitlements"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/9-importorganization","title":"Import Organizations"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/1-synch","title":"Configuring synchronization"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/1-application-category","title":"Application categories"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/2-approval-flow","title":"Approval flow"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/5-approve-by-email","title":"Approving requests via Email"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/3-manualTasks","title":"Manual tasks"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/4-post-request","title":"After request has been approved"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/7-questionnaire","title":"Questionnaire"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/1-entitlmentcert","title":"Entitlement based certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/11-campaign-dashboard","title":"Campaign dashboard"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-event-driven-cert","title":"Risk event driven certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/3-certification-reporting","title":"Certification reporting"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-factor-config","title":"Risk factors configuration"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/5-delete-campaign","title":"Deleting an access certification campaign"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/10-mitigation-controls","title":"Mitigation controls for SoD"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-membership-tags","title":"Membership tags"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/6-campaign-database","title":"Access certification campaigns as database objects"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/7-expiration-policy","title":"Expiration policy"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-usercert","title":"User based review"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/9-segregation-of-duties","title":"Segregation of Duties (SoD) policies"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/thesaurus","title":"Access Certification Thesaurus"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/8-multiple-reviwer-campaigns","title":"Multi-reviewer user access review campaigns"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2","title":"oAuth 2.0"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml","title":"Add SAML SP to OpenIAM"}}},{"node":{"fields":{"slug":"/admin/8-sso/3-oidc","title":"OpenID Connect"}}},{"node":{"fields":{"slug":"/admin/8-sso/5-auth_scopes","title":"OpenIAM oAuth scopes"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/2-headerinj","title":"Header Injection"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/3-urlrewriting","title":"URL Rewriting"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/6-example","title":"Examples"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/7-rProxy-loadbalancer","title":"Reverse Proxy with Load Balancer"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/8-kerberos","title":"Setting up Kerberos via rProxy"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/1-formfill","title":"Form Fill"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/9-directive-reference","title":"mod_openiam Directive Reference"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/1-powershellconnectorinstallation","title":"Installing PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal","title":"WinLocal OpenIAM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-WindowsPasswordFilter","title":"AD Password Filter"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/13-successfactors","title":"SuccessFactors connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-dynamics365FO","title":"Dynamics365 Finance&Operations connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/15-powershell-generic","title":"Building a custom PowerShell connector for OpenIAM"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management","title":"Mail management"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig","title":"System configuration"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/14-psgraph","title":"Microsoft Graph PowerShell connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/16-teams","title":"Microsoft Teams connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/2-powershellconnectorsusage","title":"Using PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/3-powershellconnectorupdate","title":"Updating PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/5-azuread","title":"Entra ID/O365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/6-exchange","title":"Exchange connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/7-azuredevops","title":"Azure DevOps connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/connector-request-template","title":"OpenIAM connector request template"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/9-sqlserver","title":"Microsoft SQL Server connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/8-dynamics365","title":"Dynamics365 connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/2-cssexamples","title":"CSS file examples"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/1-customcss","title":"Creating custom CSS"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/GroovyScriptConnector","title":"Configuring Groovy Script connector"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman","title":"Getting started with Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java","title":"Getting started with Java"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/1-provision-on-date","title":"Provision/Deprovision on date"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/2-access-certification-reminder","title":"Notification reminders for approvers"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python","title":"Getting started with Python"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/2-rbacmodel","title":"Access control model"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/1-usermodel","title":"User data model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/approver-association","title":"/webconsole - approver-association"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-right","title":"/webconsole - access-right"}}},{"node":{"fields":{"slug":"/developerguide/8-api/audit-log","title":"/webconsole - audit-log"}}},{"node":{"fields":{"slug":"/developerguide/8-api/authentication-grouping","title":"/webconsole - authentication-grouping"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-certification","title":"/webconsole - access-certification"}}},{"node":{"fields":{"slug":"/developerguide/8-api/batch","title":"/webconsole - batch"}}},{"node":{"fields":{"slug":"/developerguide/8-api/auth-provider","title":"/webconsole - auth-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/challenge-response","title":"/webconsole - challenge-response"}}},{"node":{"fields":{"slug":"/developerguide/8-api/connector","title":"/webconsole - connector"}}},{"node":{"fields":{"slug":"/developerguide/8-api/groovy-manager","title":"/webconsole - groovy-manager"}}},{"node":{"fields":{"slug":"/developerguide/8-api/content-provider","title":"/webconsole - content-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/email","title":"/webconsole - email"}}},{"node":{"fields":{"slug":"/developerguide/8-api/field","title":"/webconsole - field"}}},{"node":{"fields":{"slug":"/developerguide/8-api/group","title":"/webconsole - group"}}},{"node":{"fields":{"slug":"/developerguide/8-api/it-policy","title":"/webconsole - it-policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-oauth","title":"/idp - idp-oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/elastic-search","title":"/webconsole - elastic-search"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-rest","title":"/idp - idp-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/managed-system","title":"/webconsole - managed-system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/menu","title":"/webconsole - menu"}}},{"node":{"fields":{"slug":"/developerguide/8-api/metadata","title":"/webconsole - metadata"}}},{"node":{"fields":{"slug":"/developerguide/8-api/oauth","title":"/webconsole - oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization-type","title":"/webconsole - organization-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization","title":"/webconsole - organization"}}},{"node":{"fields":{"slug":"/developerguide/8-api/page-template","title":"/webconsole - page-template"}}},{"node":{"fields":{"slug":"/developerguide/8-api/property-value","title":"/webconsole - property-value"}}},{"node":{"fields":{"slug":"/developerguide/8-api/policy","title":"/webconsole - policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource-type","title":"/webconsole - resource-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/report","title":"/webconsole - report"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource","title":"/webconsole - resource"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-config","title":"/webconsole - sync-config"}}},{"node":{"fields":{"slug":"/developerguide/8-api/role","title":"/webconsole - role"}}},{"node":{"fields":{"slug":"/developerguide/8-api/system","title":"/webconsole - system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-rest","title":"/webconsole - sync-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/ui-theme","title":"/webconsole - ui-theme"}}},{"node":{"fields":{"slug":"/developerguide/8-api/uri-pattern","title":"/webconsole - uri-pattern"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov","title":"Automated provisioning Scripts"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import","title":"Import from application"}}},{"node":{"fields":{"slug":"/developerguide/8-api/user","title":"/webconsole - user"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/3-importing_groups","title":"Importing groups from application"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/4-relations-with-manager","title":"Populating a manager"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/1-forgotpassword","title":"Forgot password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/3-changepassword","title":"Updating your password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/2-updateprofile","title":"Updating user profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/4-outofoffice","title":"Out of office assistant"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/5-forgotusername","title":"Forgot username"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/6-updatesecquestions","title":"Updating security questions"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/10-positionchange","title":"Position change request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/1-servicecatalog","title":"Requesting access via catalog"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/11-accessprofiles","title":"Access profiles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/2-jobprofile","title":"Requesting access from profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/5-approverequest","title":"Approving requests"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/6-requestadministration","title":"Request administration"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/12-bulkupload","title":"Uploading users in bulk"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/7-requesthistory","title":"Requests history"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/8-newgroup","title":"Creating a group request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/9-newuser","title":"Creating a new user"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/1-viewmyaccess","title":"View my access"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/3-UAR-in-Self-Service","title":"User access review module in SelfService"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/1-designrole","title":"Designing business roles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/2-directreports","title":"View direct reports"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/2-openiam-access-role","title":"Designing access roles"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/3-connector-planning","title":"Connector requirements"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial","title":"Automated provisioning tutorial"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/1-jml","title":"Joiners, movers, leavers processes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect","title":"Deploying and registering connectors"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements","title":"Importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements","title":"Importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode","title":"Single VM Install"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/12-migrating-onpremises-to-cloud","title":"Migrating OpenIAM from on-premises installation to a cloud-based infrastructure"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/11-configuration-options","title":"Configuration options in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/10-ha-rpm","title":"High availability (HA) deployment using RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/2-rproxy","title":"r-Proxy installation in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/4-backup","title":"RPM backup / recovery"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports","title":"Deployment architecture in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-migrating-non-production-to-production-environment","title":"Migrating non-production to production environment in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB","title":"Installing OpenIAM with a remote database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/8-ssl","title":"Configuring HTTPS in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/9-rabbitssl","title":"Enable TLS for RabbitMQ in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/2-Configuration-options","title":"Configuration options in Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading","title":"Upgrading OpenIAM in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/1-https","title":"Configuring HTTPS on Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading","title":"Upgrading OpenIAM in Docker environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/6-externalDB","title":"Installing OpenIAM with a remote database in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/5-docker-swarm-backup","title":"Backup / restore in Docker Swarm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/1-ssl","title":"Configuring HTTPS in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/11-common-scenario","title":"Installing OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/12-vault-migration-fromRPM-toK8","title":"Migration of Vault from RPM-based cluster to Kubernetes-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/10-backup-and-restoration","title":"Backup and restoration procedure in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/3-depl-without-terraform","title":"Deploying OpenIAM on Kubernetes using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/4-RabbitMQ-TLS","title":"RabbitMQ TLS directory in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/4-YAML-files","title":"Docker YAML files"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms","title":"Kubernetes Platforms"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/2-deployment-with-terraform","title":"Deploying OpenIAM with Terraform"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading","title":"Upgrading OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/7-useal-keys-restoration","title":"Backing up and restoring the vault unseal keys in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/1-create-cluster","title":"Creating an OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/9-remoteDB","title":"Installing OpenIAM with a remote database in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/2-connect-to-cluster","title":"Connect to OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/3-deploy-OpenIAM-helm","title":"Deploy OpenIAM to OpenShift cluster with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/4-some-descriptions-helm","title":"Memory requirements for OpenShift deployment with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/5-localhost-dev-cluster","title":"Localhost development cluster"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/6-deploy-from-windows","title":"Deploy OpenIAM to OpenShift cluster with Helm (from Windows)"}}},{"node":{"fields":{"slug":"/installation/8-sizing/1-small-k8","title":"Small Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/8-sizing/2-medium-k8","title":"Medium Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/02-hardening","title":"Securing your installation"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/8-AKS_with_ext_MSSQL","title":"Deploying OpenIAM on AKS (Kubernetes) with an external MSSQL database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/01-log4j","title":"Log4j Vulnerability"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/03-db-switch","title":"Change OpenIAM product database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/04-compatibility","title":"Compatibility matrix"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/05-postgres-install","title":"Installing PostgreSQL 15"}}},{"node":{"fields":{"slug":"/installation/9-data_migration/1-migrating_ES_Docker","title":"Verifying and migrating Elasticsearch data in Docker-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/99-miscellaneous/04-compatibility","title":"Compatibility Matrix"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/1-connectorlogs","title":"View container logs"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/3-uninstall","title":"Remove an OpenIAM Docker Install"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/2-containersrestart","title":"Containers Restarting"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/4-troubleshooting-steps","title":"Troubleshooting steps in a container-based cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/disableswap","title":"Disable swap"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/memoryutili","title":"Check memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/redismemory","title":"Redis memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/5-log-checking-guide","title":"Docker log checking guide"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-after-migration","title":"Access problem after migrating OpenIAM"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/activationlink","title":"Error when sending activation link"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/audit-doc-timestamp","title":"Audit document timestamp issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-forbidden","title":"Access Forbidden error"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/auth-manager","title":"Backend exception error when running authentication manager"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/JDBC-connection-pool","title":"Increasing the JDBC connection pool size"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/database-reset","title":"Database reset"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/elasticsearch-readonly-state","title":"Elasticsearch read-only state"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/flyway_version","title":"Flyway version issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/increasing-RAM","title":"Increasing memory for OpenIAM services"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/modifly_system_labels_and_messages","title":"Changing system labels and messages"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/lackof_disk_space","title":"Running out of disk space"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/debug-logs-CassandraJanusGraph","title":"Enabling and disabling debug logs for Cassandra and JanusGraph"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/overriding-app-properties","title":"Overriding UI application properties"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/my-application-page-selfservice","title":"Changing refresh time for My Applications page in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/pad-block-corrupted","title":"PAD Block Corrupted"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/remove-navigation-bar","title":"Removing menu items from top navigation bar"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/report-generation-issue","title":"Error during report generating in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/failed-dependencies","title":"Failed dependencies"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/run_flyway_repair_mode","title":"Run Flyway in repair mode"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/resetting_passwords","title":"Resetting passwords"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/trobleshooting_guide","title":"Troubleshooting guide for RPM"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors/sync-vs-async-source","title":"Synchronous vs. asynchronous synchronization source for connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/username_in_selfservice","title":"Username not shown in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/1-rabbitmq-reinit","title":"RabbitMQ cluster went out of order"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/unlocksysadmin","title":"Unlock sysadmin"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/2-rabbitmq-UI","title":"RabbitMQ is not reached from UI in RPM installations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/1-userpage","title":"Configuring user page templates"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/3-Rabbitmq-connection-timeout","title":"RabbitMQ connection timeout issue"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/4-customtemplates","title":"Custom form templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/2-customuserpage","title":"Creating more custom user edit pages"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/1-system","title":"System tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/3-UI","title":"UI tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/2-regex-validation","title":"Validation regular expressions"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/4-workflow","title":"Workflow tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/5-organization-tab","title":"Organization tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/6-password","title":"Password tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/7-authentication","title":"Authentication tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/8-auditeventstosyslog","title":"Exporting audit events to syslogs"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/1-emailtemplates","title":"Email templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/3-multilanguagemail","title":"Multilanguage emails"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/2-smtpconfig","title":"Mailbox Configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/9-health-checks","title":"Configuring health checks for managed systems"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/4-mail-via-azure","title":"Mailbox configuration via Azure application"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/5-alert-notifications","title":"Configuring alert notifications"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/6-email-template-variables","title":"Email template variables reference"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/1-googlesociallogin","title":"Google Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/2-facebooksociallogin","title":"Facebook Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/3-linkedinsociallogin","title":"LinkedIn Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/4-appleidsociallogin","title":"AppleID Social Login"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/2-adminaccess","title":"Admin access role"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/3-FAQ","title":"FAQs about menus and their use"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/1-enduseraccess","title":"End-user access roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/4-Config-Lhand-menu-SS-MyInfo","title":"Configurable left-hand menu in SelfService 'My Info' page"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/1-role-types","title":"Types of roles existing in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/2-createrole","title":"Create role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/3-findrole","title":"Finding an existing role"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups/1-create-group","title":"Creating a group"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications/1-reg-applications","title":"Register applications"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/5-importingroles","title":"Importing roles"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config/1-prepost-processor","title":"Pre/PostProcessor"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml/1-jit-provisioning","title":"Just-in-time Provisioning"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2/1-Auth-code-grand","title":"Authorization code grant type"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/2-winlocalv5","title":"Version 5"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/1-winlocalv4","title":"Version 4"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/1-createauthprovider","title":"Create OpenIAM Provider for Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/2-postmanconfig","title":"Create Postman collection"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/4-JWT-tokens","title":"Getting started with JWT tokens in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/3-add-request","title":"Define an API request in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/5-postman-links","title":"Postman API documentation links"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/6-example","title":"Client credentials flow with a defined scope in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/2-grantinguathz","title":"Granting authorization to the API with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/3-api-call-examples","title":"API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/5-object-oriented-impl-example","title":"Object oriented implementation for REST API in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/4-enabling-disabling-user","title":"Enabling/Disabling a user with API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/6-OTP-verification","title":"OTP Verification in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/1-createauthprovider","title":"Create OpenIAM oAuth provider in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/1-createauthprovider","title":"Create OpenIAM Provider"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/2-grantauthz","title":"Granting authorization to the API with Java"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov/1-newhires","title":"New hires"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/3-azuread","title":"Entra ID"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/6-importroles","title":"Import Roles"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/1-provisioningCSV","title":"Creating a synchronization configuration for the source"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/3-creating-searching-users","title":"Creating and searching a user with API call in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/4-calls-examples","title":"API calls examples in Java"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/2-policymap","title":"Policy map"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/5-enabling-disabling-users","title":"Enabling/Disabling a user with API calls examples in Java"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/4-birthright","title":"New hire"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/5-transfer","title":"Transfer"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/3-creatingrole","title":"Creating role"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/6-termination","title":"Terminations"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/2-rpm","title":"Connectors via RPM"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/3-docker","title":" Connectors via Docker"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/4-k8","title":" Connectors via Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/3-troubleshooting","title":"Troubleshooting"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/1-config-synch","title":"Configuring synchronization for importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/3-common-questions","title":"Common questions"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/1-rpm-with-internet","title":"Installation with Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/2-rpm-no-internet","title":"Installation without Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/3-nonroot-partition","title":"Installing OpenIAM on a non-root partition"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/1-one-node","title":"Single node deployment"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/1-configuring-synch","title":"Configuring synchronization for importing entitlements"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/2-three-node","title":"Three node cluster"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/1-databasemigration","title":"Database migration from version 3.X to 4.X"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-4-2","title":"Upgrading OpenIAM to v.2026.4.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/3-upgradingto-42111","title":"Upgrading from versions 4.2.1.9-4.2.1.10 to version 4.2.1.11 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/2-upgradingto-42110","title":"Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-migrating-index-data","title":"Migration of index data from older ElasticSearch versions to newer one"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-upgradingto-42112","title":"Upgrading from versions 4.2.1.x to version 4.2.1.12 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-infrastructure_upgrade","title":"Infrastructure upgrade"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-upgradingto-42115","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/6-infra-upgrade-42113","title":"Infrastructure upgrade in v4.2.1.13"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrade2026.5.2","title":"Upgrading notes for v.2026.5.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/7-upgradingto-422","title":"Upgrading OpenIAM from versions 4.2.1.x to 4.2.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-2-1","title":"Upgrading OpenIAM to v.2026.2.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-1","title":"Upgrading OpenIAM to v.2026.3.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-2","title":"Upgrading OpenIAM to v.2026.3.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/9-422-changes","title":"Known issues related to upgrading from 4.2.1.x to 2026.4.1 version"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/1-oracle","title":"Installing OpenIAM with a remote Oracle database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/2-postgres","title":"Installing OpenIAM with a remote Postgres database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/1-upgrade-4219","title":"Upgrade from version 4.2.1.5-4.2.1.8 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/3-MSSQL","title":"Installing OpenIAM with a remote MSSQL database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/2-upgrade-42110","title":"Upgrade from version 4.2.1.9 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/4-upgrade-42115","title":"Upgrade from version 4.2.1.x to version 4.2.1.15 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/3-upgrade-42113k8-rabbitmq","title":"Upgrading from version below 4.2.1.8 to version 4.2.1.13 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/4-upgrade-42115k8","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/3-upgrade-42111","title":"Upgrade from version 4.2.1.10 to version 4.2.1.11 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/5-upgrade-42112k8","title":"Upgrading from version 4.2.1.x to version 4.2.1.12 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/7-upg-notes20206.5.2","title":"Upgrading notes for v.2026.5.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/6-upgrade-422k8","title":"Upgrading from version 4.2.1.x to version 4.2.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/2-aws","title":"AWS Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/3-helm","title":"Private Kubernetes Cluster using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/4-azure","title":"Azure Kubernetes Guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/1-ldapvalidation","title":"Synchronization Validation Script"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/1-gce","title":"GCE Kubernetes guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/2-ldapsynchusers","title":"LDAP User Synchronization Script"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/3-ldapattributeslists","title":"LDAP Attribute list for User Synchronization"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/1-ADgroup-transformation","title":"Sample transformation script for AD groups"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/3-ADtransformation-usergroup","title":"Sample transformation script for AD users and group memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/2-csv-transformation","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/4-csv-users-entitlements","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.2","title":"Release 4.2.2"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/4-adpowershell","title":"Active Directory PowerShell connector"}}},{"node":{"fields":{"slug":"/appendix/5-message_en_file","title":"Message properties"}}}]}},"pageContext":{"id":"f78646d4-15fc-5bd0-b03b-08b4ee55d559"}}, "staticQueryHashes": ["2619113677","3706406642","417421954"]}