Log in to https://manage.auth0.com/.
Navigate to Getting started and click Create Application.
Do one of the following:
If you don't have any specific requirements for your environment, select either Single Web Page Applications or Regular Web Applications.
If you know that your environment requires a specific type of application, select that type.
Click Create.
Select the Settings tab and copy the values of Client ID and Client Secret.
In the Allowed Callback URLs field, specify https://pbi.parallels.com/rbi/oidc/signin/callback and https://pbi.parallels.com/owner/test-idp.
Select the Endpoints tab in the Advanced settings section and copy the value of the OpenID Configuration field.
In the left pane, navigate to Users under User Management.
Navigate to Create Users and click Create User.
Add the email and password of the user.
(Optional) Verify the user's email:
Click the three dots button.
In Details, go to email and verify the email.
Once the above steps are completed, copy the values from which should mimic the table below, and paste them into the Parallels Browser Isolation IDP configuration section as shown below:
Click Save and proceed with adding users using the Admin Management section that was configured in the OIDC.
| Settings | Value | Details |
|---|---|---|
Domain
Ex: acme.com or parallels.com or <yourorgdomain.com>
The domain name should always match the value used in the email or UPN after the "@" symbol. [Ex; login using TestUser@pbi.parallels.com or TestUser@acme.com]
Discovery URL
Copy this value from Auth0 IDP Settings. It should follow the format specified in the Value Column
Client ID
******************
Copy this value from Auth0 IDP Settings
Client Secret
******************
Copy this value from Auth0 IDP Settings
Username Claim Name
For more info visit;
https://auth0.com/docs/secure/tokens/json-web-tokens/create-custom-claims
Groups Claim Name
groups
For more info visit;
https://auth0.com/docs/secure/tokens/json-web-tokens/create-custom-claims
Log in to the Microsoft Azure portal https://portal.azure.com/#home.
Open the portal menu and select Microsoft Entra ID.
On the left pane, select App registrations.
Click New registration (at the top of the right pane). The Register an application blade opens.
In the Name field, type the name you want to use for the application.
Select an appropriate account type.
In the Redirect URI section, make sure that Web is selected in the drop-down list and add the following URIs:
https://pbi.parallels.com/rbi/oidc/signin/callback and https://pbi.parallels.com/owner/test-idp.
Click Register (at the bottom left).
If you are not on the application page anymore, navigate to it from the Home page by selecting Microsoft Entra ID > App registration and then clicking the app in the right pane.
In the left pane, click Certificates & secrets.
In the right pane, click New client secret.
Type a client name and select a desired expiration option.
Click Add. The new client secret appears in the Client secrets list.
Warning: Copy and save the client secret (the Value column). If you leave this page without copying the secret, it will be hidden and you will not be able to retrieve it later.
Select your application and on the left pane, select Token configuration.
Click Add groups claim.
Select an appropriate group type.
Click Add.
Click Add optional claim.
In the Token type section, select ID.
Select preferred_username.
Click Add.
Select your application and on the left pane, select API permissions.
Click Add a permission.
Click the Microsoft Graph card.
Click the Delegated permissions card.
Open the Group section.
Select the following permissions:
Group.Read.All
Click Add permissions.
Click Grant admin consent for...
Confirm you want to grant admin consent by clicking Yes.
Select your application and on the left pane, select Overview.
Save the following information for use in the Parallels Browser Isolation Management Portal setup:
Application (client) ID
Click the Endpoints button.
Save the value of the OpenID Connect metadata document field for use in the Parallels Browser Isolation Management Portal setup.
Make sure to securely store the client secret and other sensitive information.
Once the above steps are completed, copy the values from Entra ID which should mimic the table below, and paste them into the Parallels Browser Isolation IDP configuration section as shown below:
Click Save and proceed with adding users using the Admin Management section that was configured in the OIDC.
Log in to the Google Cloud Console at https://console.cloud.google.com/.
At the top of the page, click Select a Project or New Project.
In the left menu (or under Quick access on the page), click on APIs & Services, then OAuth consent screen.
In the User Type section, select Internal.
Fill in Application name and Support email fields, and click Save and Continue.
Add email, profile, and openid.
Click the Create credentials button, and select OAuth client ID.
Fill in the details below and click Create.
Application Type: Web application
Name: [Name of you application]
Authorized redirect URIs: https://pbi.parallels.com/rbi/oidc/signin/callback and https://pbi.parallels.com/owner/test-idp.
This is the Parallels Browser Isolation redirect URL.
In the dialog that appears, copy the Client ID and Client Secret or download the JSON file.
Once the above steps are completed, copy the values which should mimic the table below, and paste them into the Parallels Browser Isolation IDP configuration section as shown below:
Click Save and proceed with adding users using the Admin Management section that was configured in the OIDC.
Use this page to build and configure your OKTA OIDC
On your Okta admin dashboard, go to Applications > Applications.
Select Create App Integration.
In the Sign-in method section, select OIDC - OpenID Connect.
In the Application type section, select Web Application. Click Next.
Enter a name for the application as relevant to your organization. For example, Acme Inc.
In the Sign-in redirect URIs field, specify https://pbi.parallels.com/rbi/oidc/signin/callback and https://pbi.parallels.com/owner/test-idp.
On the General tab, copy the Client ID and Client secret.
Once the above steps are completed, copy the values from OKTA which should mimic the table below, and paste them into the Parallels Browser Isolation IDP configuration section as shown below:
Click Save and proceed with adding users using the Admin Management section that was configured in the OIDC.
| Settings | Value | Details |
|---|---|---|
| Settings | Value | Details |
|---|---|---|
| Settings | Value | Details |
|---|---|---|
Domain
Ex: acme.com or parallels.com or <yourorgdomain.com>
The domain name should always match the value used in the email or UPN after the "@" symbol. [Ex; login using TestUser@pbi.parallels.com or TestUser@acme.com]
Discovery URL
https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration
Copy this value from MS Entra ID, IdP Settings. It should follow the format specified in the Value Column
Client ID
******************
Copy this value from MS Entra's IdP Settings
Client Secret
******************
Copy this value from MS Entra's IdP Settings
Username Claim Name
For more info visit;
https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference
Groups Claim Name
groups
For more info visit; https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference
Domain
Ex: acme.com or parallels.com or <yourorgdomain.com>
The domain name should always match the value used in the email or UPN after the "@" symbol. [Ex; login using TestUser@pbi.parallels.com or TestUser@acme.com]
Discovery URL
Copy this value from Google's IDP Settings. It should follow the format specified in the Value Column
Client ID
******************
Copy this value from Google's IDP Settings
Client Secret
******************
Copy this value from Google's IDP Settings
Username Claim Name
For more info visit; https://developers.google.com/identity/openid-connect/openid-connect
Groups Claim Name
groups
For more info visit; https://developers.google.com/identity/openid-connect/openid-connect
Domain
Ex: acme.com or parallels.com or <yourorgdomain>
The domain name should always match the value used in the email or UPN after the "@" symbol. [Ex; login using TestUser@pbi.parallels.com or TestUser@acme.com]
Discovery URL
Copy this value from OKTA's IDP Settings. It should follow the format specified in the Value Column
Client ID
******************
Copy this value from OKTA's IDP Settings
Client Secret
******************
Copy this value from OKTA's IDP Settings
Username Claim Name
For more info visit; https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/
Groups Claim Name
For more info visit; https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/
