--- title: AM as a Temenos identity provider description: This use case shows how Temenos can use AM as an OpenID Provider (OP) to authenticate end users. Specifically, you set up AM as an OAuth 2.0 identity service in Temenos Quantum Fabric. component: pingam version: 8.1 page_id: pingam:am-oidc1:use-case-temenos canonical_url: https://docs.pingidentity.com/pingam/8.1/am-oidc1/use-case-temenos.html revdate: June 10, 2025 keywords: ["Use Case"] page_aliases: ["oidc1-guide:use-case-temenos.adoc"] section_ids: temenos-goals: Goals temenos-process: What you'll do temenos-prerequisites: Before you begin temenos-tasks: Tasks temenos-task-1: "Task 1: Configure AM as an OpenID Provider" temenos-task-2: "Task 2: Add AM as an OAuth 2.0 identity service in Temenos" temenos-reference-material: Reference material --- # AM as a Temenos identity provider This use case shows how Temenos can use AM as an OpenID Provider (OP) to authenticate end users. Specifically, you set up AM as an OAuth 2.0 identity service in Temenos Quantum Fabric. AM supports OAuth 2.0 and OpenID Connect (OIDC) natively, making it a good choice for integrating with Temenos and other standards-based applications. ## Goals After completing this use case, you'll know how to do the following: * Configure AM as an OIDC identity provider * Configure Temenos to use AM as an OIDC identity provider ## What you'll do * Create an OIDC application for Temenos. * Configure a Temenos identity service to connect as the application to AM. ## Before you begin Before you start, make sure you have: * A basic understanding of: * The AM admin UI * OAuth 2.0 * OIDC * [Set up AM for evaluation](../evaluation/preface.html), including creating a test user * Access to your AM as an administrator * Access to a Temenos development environment as an administrator ## Tasks | | | | - | -------------------------------------------------------------------------------------------------------------- | | | This use case requires the use of third-party services. Use your environment-specific details where necessary. | ### Task 1: Configure AM as an OpenID Provider 1. Sign on to the AM admin UI as an administrator. 2. Go to the appropriate realm. 3. Go to Applications > OAuth 2.0 > Clients and click + Add Client. 4. On the New OAuth 2.0 Client page, add a client with the following configuration and click Create: | Field | Value | | ---------------- | ---------------------------------------------------------------------------------------------------- | | Client ID | `temenos_oidc` | | Client secret | Enter a password for the client. Remember the password because you need it to configure Temenos. | | Redirection URIs | `https://.auth.konycloud.com/OAuth2/Callback`Here \ is the Temenos account ID. | | Scopes | `openid`, `profile`, `email`, `phone` | The Temenos OIDC client page opens. ### Task 2: Add AM as an OAuth 2.0 identity service in Temenos | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | These instructions include steps for a third-party product. We've verified them to the best of our ability, but third-party functionality and interfaces may change. Read [the official Temenos documentation](https://docs.kony.com/konylibrary/konyfabric/kony_fabric_user_guide/Content/Identity10_Kony_OAuth2.htm#OAuth2ID) if you notice any differences. | 1. Sign on to the Temenos development environment as an administrator. 2. Go to the Quantum Fabric identity service designer page, create a new identity service with the following configuration, and click Save: | Field | Value | | ----------------------------------------------------- | ----------------------------------------------------------------------------- | | Name | `AM` | | Type of Identity | `OAuth 2.0` | | Provider Details > Grant Type | `Authorization Code` | | Provider Details > Authorize endpoint | `https://am.example.com:8443/am/oauth2/realms/root/realms/realm/authorize` | | Provider Details > Token endpoint | `https://am.example.com:8443/am/oauth2/realms/root/realms/realm/access_token` | | Provider Details > Scope | `openid`, `profile`, `email`, `phone` | | Client Details > Client Assertion Type | `Basic authentication` | | Client Details > Client ID | `temenos_oidc` | | Client Details > Client Secret | The password for the `temenos_oidc` client you created in the previous task. | | User Profile Endpoint Details > Profile Endpoint Type | `Profile in response of URL` | | User Profile Endpoint Details > URL | `https://am.example.com:8443/am/oauth2/realms/root/realms/realm/userinfo` | | User Attribute Selectors > Federation ID | `_id` | 3. Use the Test Login feature to test the identity service. Sign on as the AM test user you created when [setting up AM for evaluation](../evaluation/preface.html). 4. When the service works as expected, publish the Fabric application. ## Reference material Find background information for the procedures in this use case in the following documentation: * Learn how to connect any OIDC relying party to AM in [Client application registration](../am-oauth2/oauth2-register-client.html) or [Customize dynamic client registration](dynamic-client-registration-script.html). * Learn how to configure a Quantum Fabric OAuth 2.0 Identity Service in [Temenos Quantum Fabric OAuth 2.0 Identity Service](https://docs.kony.com/konylibrary/konyfabric/kony_fabric_user_guide/Content/Identity10_Kony_OAuth2.htm#OAuth2ID).