OpenID 2.0 Auth Module
OpenID 2.0 authentication modules are legacy authentication modules in YouTrack. Use this page to manage OpenID 2.0 modules that were created in earlier versions of YouTrack.
Use OpenID Connect for New Connections
To connect YouTrack to an identity provider that supports OpenID Connect, create and configure an OpenID Connect authentication module.
If your identity provider doesn't support OpenID Connect, configure a different supported authentication module or switch to an identity provider that supports a current authentication protocol.
To replace a legacy OpenID 2.0 authentication module with OpenID Connect:
Open the settings page for your existing OpenID 2.0 authentication module.
Review the settings for the legacy module, including the server URL, user data schema, and user management settings.
For details, see Settings and Additional Settings.
Create and configure an OpenID Connect authentication module for the same identity provider.
For instructions, see OpenID Connect Auth Module.
Use Test login in the OpenID Connect authentication module to verify that users can sign in with the replacement module.
Enable the OpenID Connect authentication module.
Disable the legacy OpenID 2.0 authentication module.
After you confirm that users can sign in with OpenID Connect, delete the legacy OpenID 2.0 authentication module.
Actions
The following actions are available in the header:
Action | Description |
|---|---|
Set default | Designates the authentication module as the default for your YouTrack site. Only one authentication module can be set as the default at any time. If another module is currently set as the default, that state is cleared. This option is only shown when the current authentication module is not designated as the default. |
Clear default | Removes the authentication module as the default for your YouTrack site. If none of the available authentication modules are designated as the default, unauthenticated users are always directed to the Hub login page. This option is only shown when the current authentication module is designated as the default. |
Disable module | Disables the authentication module. This option is only shown when the authentication module is currently enabled. |
Enable module | Enables the authentication module. This option is only shown when the authentication module is currently disabled. |
Delete module | Removes the authentication module from YouTrack. Use only when you have configured additional authentication modules that let users log into your YouTrack site. |
Settings
The settings are configured automatically for legacy OpenID 2.0 authentication modules. You normally don't have to change these settings. To configure the options that define how YouTrack treats new user accounts with OpenID credentials, see Additional Settings.
Field | Description |
|---|---|
Type | Displays the name of the application or service that is enabled for third-party authentication in YouTrack. |
Name | Stores the name of the authentication module. Use this setting to distinguish this module from other authentication modules in the Auth Modules list. |
Additional Settings
The settings on the Additional settings tab let you manage account creation and group membership and reduce the loss of processing resources consumed by idle connections.
Option | Description |
|---|---|
User creation | Enables creation of YouTrack accounts for unregistered users who log in with an account that is stored in the connected authorization service. YouTrack uses the email address to determine whether the user has an existing account. |
Email auto-verification | Determines how YouTrack sets the verification status of an email address when the authentication service does not return a value for this attribute. |
Auto-join groups | Adds users to a group when they log in with an account that is stored in the connected authorization service. You can select one or more groups. New users that auto-join a group inherit all the permissions assigned to this group. We recommend that you add users to at least one group. Otherwise, a new user is only granted the permissions that are currently assigned to the All Users group. |
Connection timeout | Sets the period of time to wait to establish a connection to the authorization service. The default setting is 5000 milliseconds (5 seconds). |
Read timeout | Sets the period of time to wait to read and retrieve user profile data from the authorization service. The default setting is 5000 milliseconds (5 seconds). |
Audit | Links to the Audit Events page in YouTrack. There, you can view a list of changes that were applied to this authentication module. |