Setup Account Based Licensing with OpenID tokens.
Follow these steps to integrate account-based licensing (ABL) in Zentitle 2 using OpenID tokens.
In the UI, go to the Account Based Licensing page (inside the Administration section).
The Account-Based Licensing page is located under "Administration" > "Configuration" > "Account-Based Licensing" in the top menu.
Click the "add" button in the top right of the page to add the IDP details.
Now enter the required information:
IDP URL - root URL of the identity provider.
The URL is required to retrieve the IDP details from the OIDC metadata endpoint. The most important of these details are the cryptographic keys used to sign the JWT tokens, which let the licensing server verify the authenticity and integrity of the tokens provided by the client application.
Username claim - the name of the claim inside the token, which should be used to retrieve the username associated with the seat when activating the license (email, name, user_name, etc.).
Authentication claim - the claim that holds the user's unique identifier, which will be used to match the JWT token with a specific account. The name of the claim depends on the configuration done in the Identity Provider service.
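An added example (not Zentitle 2 code) of a pre-flight check an integrator can run on a token from their IDP before entering these values: it confirms that the token's issuer and key id line up with the OIDC metadata and that the chosen username and authentication claims are actually present. The function names, issuer, key id and claim values are constructed for illustration; the check inspects the token without verifying its signature, which remains the licensing server's job.

```python
import base64
import json

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def preflight(token, discovery, jwks, username_claim, auth_claim):
    """List the reasons a token would not fit the ABL settings ([] = none found).
    Inspection only: the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part signed JWT"]
    try:
        header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
        if not (isinstance(header, dict) and isinstance(payload, dict)):
            raise ValueError("not JSON objects")
    except ValueError:  # also covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not a base64url-encoded JSON object"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("token is unsigned (alg=none)")
    if not discovery.get("jwks_uri"):
        problems.append("OIDC metadata has no jwks_uri")
    if payload.get("iss") != discovery.get("issuer"):
        problems.append("iss does not match the issuer in the OIDC metadata")
    if header.get("kid") not in {k.get("kid") for k in jwks.get("keys", [])}:
        problems.append("kid is not among the IDP's published keys")
    for label, claim in (("username", username_claim), ("authentication", auth_claim)):
        value = payload.get(claim)
        if not isinstance(value, str) or not value:
            problems.append(f"{label} claim '{claim}' is missing or empty")
    return problems

# Constructed sample data: hypothetical issuer, key id and claim values.
DISCOVERY = {"issuer": "https://idp.example.com",
             "jwks_uri": "https://idp.example.com/jwks"}
JWKS = {"keys": [{"kty": "RSA", "kid": "key-1"}]}

def make_token(header, payload):  # dummy signature segment, never checked
    return ".".join([b64url_encode(header), b64url_encode(payload), "c2ln"])

GOOD = make_token({"alg": "RS256", "kid": "key-1"},
                  {"iss": "https://idp.example.com", "email": "pat@example.com", "sub": "user-123"})
BAD = make_token({"alg": "RS256", "kid": "old-key"},
                 {"iss": "https://other.example.com", "email": "pat@example.com"})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, preflight(tok, DISCOVERY, JWKS, "email", "sub"))
```
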
Certain integration calls must be executed to enable authentication when a new entitlement is created. Assuming that the entitlement has been created, including customer assignment, the following actions must be executed:
Create an identity in the vendor's authentication platform.
Add an end-user account under the same Zentitle 2 customer with the authentication type set to OpenID Token and claim value stored under the authentication claim for this specific identity in the authentication platform.
Grant the newly created account access to the entitlement currently being processed.
After the ABL has been configured and integration has been set up, the seat can be activated using the JWT token obtained from the Identity Provider when performing the user authentication in the client application.
To do so, execute an API call [POST] {licensing_api_url}/activate
with body
The rest of the client application logic related to licensing is the same as when using the activation code for seat activation.
Only identity providers that are compliant with the OpenID protocol are supported right now.