End of Sale Notice:

F5 NGINX is announcing the End of Sale (EoS) for NGINX Controller API Management Module, effective January 1, 2024.

F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing NGINX Controller API- Management customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.

See our End of Sale announcement for more details.
End of Sale Notice:

F5 NGINX is announcing the End of Sale (EoS) for NGINX Controller Application Delivery Module, effective January 1, 2024.

F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing NGINX Controller Application Delivery customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.

See our End of Sale announcement for more details.

Manage Identity Providers

Create and Manage Identity Providers.

Overview

The Identity Providers page lets you create and manage Identity Providers to control access to your services (APIs for API Management module deployments, and Apps for App Delivery module deployments).

Tip:
If you prefer, you can use the NGINX Controller API to create and manage Identity Providers. See the NGINX Controller API reference guide (Security > Identity Providers) for details.

Before You Begin

Important:
You must set up NGINX Plus to use the njs module to use API key authentication.

Set up NGINX Plus Instances to Secure API Keys

When using API keys for authentication, the API key is written to the NGINX Plus config as cryptographically-protected hashes.

To use API key authentication for any element of NGINX Controller, you must install the njs module on all NGINX Plus instances.

If you do not install the njs module and use API key authentication, whether for API Management or elsewhere, the system may experience errors that are not reported in the user interface.

See the NGINX Admin Guide for njs installation instructions.

Add an Identity Provider

Take the following steps to create an Identity Provider:

  1. Open the NGINX Controller user interface and log in.

  2. Select the NGINX Controller menu icon, then select Services.

  3. On the Services menu, select Identity Providers.

  4. On the Identity Provider page, select Create an Identity Provider.

  5. Provide a name.

  6. Select an Environment, or to Create an Environment, select Create New.

  7. Select the option to use an API key or a JWT (JSON Web Token).

    a. API Key:

    • Select Import to upload a .csv file containing Client names and keys.

      –OR–

    • Select Create a Client and provide a name for the Client. You can use the system-generated key or provide one of your own.

      Note:

      Keys must be between 8 and 256 characters and alphanumeric.

      • Hyphens ‘-’ and underscores ‘_’ are allowed.
      • Other special characters are not allowed.

    b. JWT:

    Create a new JWT Client Group by choosing one of the following options:

  • Paste the contents of a .jwk file into the text box

  • Provide the URL of the .jwk file’s location. NGINX Controller fetches the URL, caches it, and refreshes the cache every 12 hours. If the cache cannot be refreshed, the previous version of the .jwk is used.

  1. Select Create.

Remove an Identity Provider

  1. Open the NGINX Controller user interface and log in.

  2. Select the NGINX Controller menu icon, then select Services.

  3. On the Services menu, select Identity Providers.

  4. On the Identity Provider page, select the Identity Provider name to edit it.

  5. Select the Remove link.

  6. When prompted, confirm that you want to remove the provider.