In Access Management, you need to update the redirect URL for the Add-ons application and obtain the client ID and client secret for the Add-ons API.
Before you begin
This task has the following prerequisites:
- You have access as an Administrator to Access Management.
- An identity provider is configured in Access Management for use with Tridion Sites 9.5.
- If migrating from Tridion Sites 9.1, you have access to that version of the authsettings.json file, which contains claim information needed for this task.
Note: In Tridion Sites 9.1, prior to the introduction of the Access Management feature, securing the Add-ons feature was done through a direct interaction with an external IdP, and you defined IdP role and claim mappings in the authsettings.json file. From 9.5 onward, you need to define these mappings in the Access Management application.
Procedure
- In your Tridion Sites environment, open Access Management.
- Go to the Applications tab.
- Expand the row for the Add-ons application, and then select Edit.
- Update the Redirect URL to match the URL of your installed Add-ons application.
- Click Save.
- Go to the Service accounts tab and open the service account named Add-ons Service API.
- In the Client information section, do the following:
- Select the copy button for the Client ID to copy the ID value to your clipboard, and then paste it to a secure location that you can access in a subsequent task.
- Select Add client secret to generate a new secret.
Note: The default and maximum expiration is one year. You can change it to be shorter than that, but no longer. Make note of the expected expiration date and generate a new secret before that time.
- Select the copy button to copy the secret to your clipboard, and then paste the secret to a secure location that you can access in a subsequent task. You cannot copy a secret that has been previously generated and saved.
- Select Save.
- Go to the Identity providers tab.
- Open the identity provider and select Edit.
- In the Access settings section, define claims that you want to be used for the Add-ons feature.
Note: If you are upgrading from Tridion Sites 9.1 where you secured the Add-ons Service directly with an external identity provider, the claims will be based on the information in the Mappings section of your previous authsettings.json file (the copy from 9.1).
For each claim you want to define, the steps are as follows:
- In the Claims list, select Add claim.
- Enter a Type and Value.
If migrating from 9.1, these should match the ClaimType and ClaimValue settings respectively in the authsettings.json file.
- In the Applications list, select Add-ons.
- In the Services and roles list, locate the section for the Add-ons Service API and select the appropriate role.
If migrating from 9.1, this should be the Role in authsettings.json.
- Repeat these steps for each additional claim.
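For a 9.1 migration, the following added example (not part of the product or its documentation) turns the old file into a checklist of Type, Value and role entries to type into Access Management, and flags mappings that lack a field. The JSON nesting, the sample values and the function names are assumptions; the script relies only on a `Mappings` list whose entries carry `ClaimType`, `ClaimValue` and `Role`.

```python
import json

REQUIRED = ("ClaimType", "ClaimValue", "Role")

# Constructed sample: nesting, claim names and role names are assumptions.
SAMPLE_AUTHSETTINGS = """
{
  "Authentication": {
    "Mappings": [
      {"Role": "example-role-a", "ClaimType": "groups", "ClaimValue": "addons-admins"},
      {"Role": "example-role-b", "ClaimType": "groups", "ClaimValue": "addons-users"},
      {"Role": "example-role-a", "ClaimType": "groups", "ClaimValue": "addons-admins"},
      {"Role": "example-role-b", "ClaimType": "groups"}
    ]
  }
}
"""

def find_mappings(node):
    """Yield every object in any list stored under a key named 'Mappings'."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Mappings" and isinstance(value, list):
                yield from (m for m in value if isinstance(m, dict))
            else:
                yield from find_mappings(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_mappings(item)

def claim_checklist(authsettings_text):
    """Return (claims, incomplete): unique (Type, Value, Role) rows to enter,
    and mappings with a missing or empty field that need manual review."""
    claims, incomplete = [], []
    for mapping in find_mappings(json.loads(authsettings_text)):
        row = tuple(str(mapping.get(k) or "").strip() for k in REQUIRED)
        if not all(row):
            incomplete.append(mapping)
            continue
        if row not in claims:  # identical mappings need only one claim
            claims.append(row)
    return claims, incomplete

if __name__ == "__main__":
    claims, incomplete = claim_checklist(SAMPLE_AUTHSETTINGS)
    for ctype, cvalue, role in claims:
        print(f"Type={ctype!r}  Value={cvalue!r}  Add-ons Service API role={role!r}")
    for mapping in incomplete:
        print("Review manually (missing field):", mapping)
```

Comparing the printed rows with the claims listed in Access Management after you finish shows whether any mapping was skipped or granted a different role than it had in 9.1.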
What to do next
Continue with the individual tasks to set up Content Manager and Content Delivery for the secured Add-ons Service. Each task involves configuring the client ID and secret you obtained in this task.