Beta: OpenID Connect Integration in CC

Beta

Please note, this integration is in a beta phase. Please provide any feedback or enhancement requests to your HYPR Account Manager and these will be worked into our next release.

Connecting OpenID Connect to HYPR

Go to the Integrations screen in the HYPR Control Center and click Add New Integration to show a list of available integration types.
Select the OpenID Connect integration.

To integrate HYPR and any OpenID Connect, you just need to provide some basic information on the Integrations screen.

The following parameters are required:

Field Value

OpenID Connect Application Name The name you provide here will be used in four places: 1) For an application that HYPR creates in the Console; 2) For the web account name that users will see in the HYPR Mobile App; 3) For the HYPR Device Manager page where users register their devices; and 4) For internal identification of this integration within the HYPR platform. You can use any name you like, but it’s best to go with something that indicates the purpose of the application, like HYPROpenIdConnectSSO. Any spaces or special characters will be automatically removed from the name you supply. The namespace is limited to 23 characters.

OIDC Redirect URL List A comma-separated list of OIDC URLs where HYPR will redirect the authorization code. These are provided by the OpenID Connect.

Click Add Integration to begin. If the action is successful, you’ll see the Integration Added confirmation dialog.
Click Maybe Later to exit back to the main OpenID Connect integration page.
Open the Integration Settings tab. Three additional fields now display, populated by values HYPR generates in Keycloak. The values in these fields will be needed to input into the OIDC connection to the Control Center. Leave this dialog open or make a note of the values HYPR generates here.

Field	Value
OpenID Connect Application Name	The name you provide here will be used in four places: 1) For an application that HYPR creates in the Console; 2) For the web account name that users will see in the HYPR Mobile App; 3) For the HYPR Device Manager page where users register their devices; and 4) For internal identification of this integration within the HYPR platform. You can use any name you like, but it’s best to go with something that indicates the purpose of the application, like `HYPROpenIdConnectSSO`. Any spaces or special characters will be automatically removed from the name you supply. The namespace is limited to 23 characters.
OIDC Redirect URL List	A comma-separated list of OIDC URLs where HYPR will redirect the authorization code. These are provided by the OpenID Connect.

HYPR Connector

Using the values copied at the end of the previous section, complete the OpenID Connect HYPR Connector deployment by following the steps here.

Enrolling Yourself in the OpenID Connect Integration

Follow the enrollment instructions in the main Integrations article. Adding yourself as an admin and adding other users to the integration are performed in the same manner.

No Sync in OpenID Connect

The User Enrollment Drawer for the OpenID Connect Integration does not use IdP Synced Users, nor does it include the option to Sync Users; instead it will only display the Send Manually tab and the option to Upload a CSV.

Enable, Enroll, and Audit

Continue with the HYPR Integrations common UI experience in the Integrations main page to complete Enabling your integration, enrolling users, and monitoring activity with the integration's Audit Trail.

Connecting OpenID Connect to HYPR​

HYPR Connector​

Enrolling Yourself in the OpenID Connect Integration​

Connecting OpenID Connect to HYPR

HYPR Connector

Enrolling Yourself in the OpenID Connect Integration