The institution settings on the Authentication screen are available so you can configure authentication settings for ebs websites, that is: ebs: ontrack Hub and ebs: ontrack Learner Hub.
Note: Refer to ebs: central Configuration for further information about institution settings for Microsoft Entra ID and Google Workspace.
The fields on the Authentication screen are described in the following table.
| This field | Holds this information... |
|---|---|
| Identity Provider URL | The identity provider URL, such as https://login.microsoftonline.com/875234d9-89cf-4eb0-b006-04d19cc27e89/v2.0 |
| Identity Provider Client ID for Ontrack Learner Hub | The identity provider client ID to use when logging into ebs: ontrack Learner Hub. For example, 83886288-4849-4b8b-a714-4d4dadcf9569. |
| Identity Provider token scope for Ontrack Learner Hub | The identity provider token scope to use when logging into ebs: ontrack Learner Hub. For example, openid profile. |
| Identity Provider Client ID for Ontrack Hub | The identity provider client ID to use when logging into ebs: ontrack Hub. For example, 93886288-4849-4b8b-a714-4d4dadcf9569. |
| Identity Provider token scope for Ontrack Hub | The identity provider token scope to use when logging into ebs: ontrack Hub. For example, openid profile. |
| Identity Provider Client ID for ebs Central | The identity provider client ID to use when logging into ebs: central, such as 93886288. |
| Identity Provider token scope for ebs Central |
The identity provider token scope to use when logging into ebs: central with Identity Server. This field must be set to openid profile. |
| Default OIDC issuer | The OpenID Connect (OIDC) issuer. |
| Dual authentication link message for ontrack Prospect | The link message to display on the ebs: ontrack Learner Hub login screen for institutions that are using dual authentication. |
| Dual authentication button text | Defines the text shown on the dual authentication button on the login page in ontrack. |
| Dual authentication button alt/hint text | Defines the alt text shown on the dual authentication button on the login page in ontrack. |
| Dual authentication button show logo | Whether the dual authentication button includes the Microsoft or Google logo. |
| External authentication ontrack Learner Hub URL | Text field to contain the URL for your external authentication ontrack URL |
| External authentication ontrack Learner Hub OIDC issuer | Contains a drop down of options based on the OIDC issuers reference data |
| External authentication ontrack Learner Hub client ID | Text field to contain the client ID for your external authentication tenant. |
| External authentication ontrack Learner Hub token scope | Text field to contain the token scope for the external authentication |
| External authentication ontrack Learner Hub link message | Text field to contain the message to be displayed to learners to guide them to the external authentication sign up/sign in. |
| External authentication ontrack Hub Enabled | Whether external authentication is enabled for ontrack Hub. |
| External authentication ontrack Hub show ebs login page | Whether the ebs login page i.n ontrack Hub is displayed to an end-user or bypassed to only show the external authentication provider page. |
| External authentication ontrack Hub URL | Text field to contain the URL for your external authentication ontrack URL |
| External authentication ontrack Hub OIDC issuer | Contains a drop down of options based on the OIDC issuers reference data |
| External authentication ontrack Hub Client ID | Text field to contain the client ID for your external authentication tennant. |
| External authentication ontrack Hub token scope | Text field to contain the token scope for the external authentication |
| External authentication ontrack link message | Text field to contain the message to be displayed to staff to guide them to the external authentication sign up/sign in. |
| ebs Authentication for ontrack Hub? (Y/N) | Whether the ebs username and password are displayed on the login page in ontrack Hub. |
| External Authentication show Registration page to new users |
Defines whether a new B2C external user is shown the registration page to capture additional details, such as a date of birth. When set to Y, a new user is redirected to the UserRegistrationExternal page to allow an institution to capture further details about the user, such as a date of birth. When set to N, a new user is redirected to the UserRegistrationExternalNonInteractive page and the user will not be required to complete any additional fields to complete their registration. Note: When using this flow then you may wish to consider mandating population of fields in B2C. If Surname is not specified, this page will use a default of 'Not specified' as within ebs a Surname is a mandatory field. |
| The ebs username allowed to act as the Identity Provider service account | The ebs username to be used for the identity provider service account. |
| The value allowed when the SMS is used as the authentication issuer | The value allowed when the SMS is used as the authentication issuer. |
| The Identity Provider access token scope which identifies the rest services | The identity provider access token scope that identifies the rest services. |