Configuring the client registration for Pega Mobile Client authentication against an external OIDC server
Configure an OAuth 2.0 client registration so that Pega Mobile Client authenticates users against an external OpenID Connect (OIDC) identity provider (IdP). Pega Platform then accepts only tokens whose issuer and audience match the values that you configure in the token processing profile.
Before you begin: Register your application with an external OIDC IdP, for example, Google, and record the parameters that you must enter in Pega Platform. For the list of parameters to gather, see Custom parameters for direct authentication against an external OIDC server.
Note: Ensure that the OIDC IdP sets the Audience (aud) claim of the tokens that it issues to the Client ID that it assigned to your application. The Audience value that you enter in the token processing profile must match that claim exactly; otherwise, token validation fails. For more information, see the documentation for the selected OIDC IdP.
- In the header of Dev Studio, click .
- On the Create OAuth 2.0 Client Registration screen, enter the name and a short description of the client, and then click Create and open.
- In the Client credentials section, select Confidential.
- Click View & download, and then download the text file with the client registration parameters by clicking Download credentials. Store the file securely: it contains the credentials that the client presents to Pega Platform.
- In the Supported grant types section, clear any selected options, and then select the JWT bearer check box.
- In the Identity mapping box, specify the identity mapping:
- To use an existing identity mapping data instance, in the list of entries, select a JSON Web Token identity mapping instance, and then skip to the step in which you save the client registration.
- To create a new identity mapping data instance, click the Open icon.
- On the Create Identity Mapping screen, enter the name and a short description of the identity mapping instance, and then click Create and open.
- In the Token processing profile field, specify the profile for validating the token:
- To use an existing token processing profile, in the list of instances, select an existing JSON Web Token token processing profile, and then skip to the step in which you save the identity mapping.
- To create a new token processing profile, click the Open icon.
- On the token processing profile configuration screen, in the Claims validation section, define the validation parameters:
- In the Issuer (iss) field, enter the issuer URL of the external OIDC authentication server, exactly as it appears in the iss claim of the tokens that the IdP issues (the comparison is an exact string match, so the scheme and any trailing slash must agree).
- In the Audience (aud) field, enter the Client ID value that you obtained from the OIDC authentication server when you registered your application.
- On the token processing profile configuration screen, save the token processing profile by clicking Save.
- On the identity mapping profile configuration screen, save the identity mapping by clicking Save.
- On the client registration configuration screen, save the client registration by clicking Save.
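The procedure above configures Pega Platform to accept a bearer JWT only if its issuer and audience match the values entered in the token processing profile. The following added example, which is not Pega code and uses constructed issuer, client ID, key and token values, shows the same claims validation in plain Python: it builds HS256-signed tokens offline and checks signature, iss (exact string match), aud (must contain the Client ID) and exp. A real IdP such as Google signs ID tokens with RS256 keys published at its JWKS endpoint; HS256 is used here only so the example runs without network access.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values standing in for the fields configured in the token processing profile.
ISSUER = "https://idp.example.com"          # assumed value of the Issuer (iss) field
CLIENT_ID = "mobile-client-123"             # assumed value of the Audience (aud) field
SHARED_SECRET = b"demo-only-hs256-secret"   # demo signing key; a real IdP uses RS256 + JWKS


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes = SHARED_SECRET) -> str:
    """Build a compact HS256 JWT for the demo (constructed tokens, not IdP output)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_token(token: str, issuer: str = ISSUER, audience: str = CLIENT_ID,
                   key: bytes = SHARED_SECRET, now: Optional[int] = None) -> dict:
    """Return the claims if signature, iss, aud and exp all check out; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm: never accept 'none' or an alg the profile was not configured for.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    # Issuer is an exact string match; "https://idp.example.com/" would not match.
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    # aud may be a string or a list; the configured Client ID must be present.
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if audience not in aud_list:
        raise ValueError("audience mismatch")
    now = int(time.time()) if now is None else now
    if "exp" not in claims or now >= int(claims["exp"]):
        raise ValueError("token expired")
    return claims


def classify(token: str, now: int) -> str:
    """Return 'ok' or the rejection reason, so outcomes can be compared as strings."""
    try:
        validate_token(token, now=now)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    base = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-1", "exp": 2_000_000_000}
    print(classify(make_jwt(base), now=1_000))                                  # ok
    print(classify(make_jwt({**base, "aud": "other-client"}), now=1_000))       # audience mismatch
    print(classify(make_jwt({**base, "iss": ISSUER + "/"}), now=1_000))         # issuer mismatch
    print(classify(make_jwt(base, key=b"wrong-key"), now=1_000))                # bad signature
    print(classify(make_jwt(base), now=2_000_000_001))                          # token expired
```

The audience-mismatch case is the failure described in the note above: a token minted for a different client registration, even from the trusted issuer, is rejected because its aud does not carry this application's Client ID.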