--- title: Advanced Identity Cloud as a Temenos identity provider description: "Estimated time to complete: 30 minutes." component: pingoneaic page_id: pingoneaic:use-cases:use-case-temenos canonical_url: https://docs.pingidentity.com/pingoneaic/use-cases/use-case-temenos.html revdate: May 19, 2025 keywords: ["Advanced Identity Cloud", "Use Case"] section_ids: temenos-goals: Goals temenos-process: What you'll do temenos-prerequisites: Before you begin temenos-tasks: Tasks temenos-task-1: "Task 1: Configure Advanced Identity Cloud as an OpenID Provider" temenos-task-2: "Task 2: Add Advanced Identity Cloud as an OAuth 2.0 identity service in Temenos" temenos-reference-material: Reference material --- # Advanced Identity Cloud as a Temenos identity provider Estimated time to complete: 30 minutes *(tooltip: This assumes you've already completed the prerequisites.)*. This use case shows how Temenos can use Advanced Identity Cloud as an OpenID Provider (OP) to authenticate end users. Specifically, you set up Advanced Identity Cloud as an OAuth 2.0 identity service in Temenos Quantum Fabric. Advanced Identity Cloud supports OAuth 2.0 and OpenID Connect (OIDC) natively, making it a good choice for integrating with Temenos and other standards-based applications. ## Goals After completing this use case, you'll know how to do the following: * Configure Advanced Identity Cloud as an OIDC identity provider * Configure Temenos to use Advanced Identity Cloud as an OIDC identity provider ## What you'll do * Create an OIDC application for Temenos. * Configure a Temenos identity service to connect as the application to Advanced Identity Cloud. ## Before you begin Before you start, make sure you have: * A basic understanding of: * The Advanced Identity Cloud admin console and hosted pages * OAuth 2.0 * OIDC * Completed the [Create test users and roles](use-case-test-users-and-roles.html) use case * Access to your test Advanced Identity Cloud environment as an administrator * Access to a Temenos development environment as an administrator ## Tasks | | | | - | -------------------------------------------------------------------------------------------------------------- | | | This use case requires the use of third-party services. Use your environment-specific details where necessary. | ### Task 1: Configure Advanced Identity Cloud as an OpenID Provider 1. Sign on to the Advanced Identity Cloud admin console as an administrator. 2. Go to [icon: apps, set=material, size=inline] Applications > [icon: add, set=material, size=inline] Custom Application > OIDC - OpenId Connect > Web. 3. On the Application Details page, add a web application with the following configuration and click Next: | Field | Value | | ----------- | -------------- | | Name | `temenos_oidc` | | Description | `Temenos OIDC` | | Owners | `App Owner` | 4. On the Web Settings page, add the following configuration, and then click Create Application: | Field | Value | | ------------- | ------------------------------------------------------------------------------------------------ | | Client ID | `temenos_oidc` | | Client Secret | Enter a password for the client. Remember the password because you need it to configure Temenos. | The Temenos OIDC client page opens. 5. On the Temenos OIDC client page, click the Sign On tab, add the following configuration and click Save: | Field | Value | | ------------ | ------------------------------------------------------------------------------------------------------ | | Sign-in URLs | `https://.auth.konycloud.com/OAuth2/Callback` where \ is the Temenos account ID. | | Grant Types | `Authorization Code` | | Scopes | `openid`, `profile`, `email`, `phone` | 6. (Optional) Require Advanced Identity Cloud to ask for consent to share information during authorization flows. Go to General Settings, click Show advanced settings, and select Authentication. Clear Implied Consent. ### Task 2: Add Advanced Identity Cloud as an OAuth 2.0 identity service in Temenos | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | These instructions include steps for a third-party product. We've verified them to the best of our ability, but third-party functionality and interfaces may change. Read [the official Temenos documentation](https://docs.kony.com/konylibrary/konyfabric/kony_fabric_user_guide/Content/Identity10_Kony_OAuth2.htm#OAuth2ID) if you notice any differences. | 1. Sign on to the Temenos development environment as an administrator. 2. Go to the Quantum Fabric identity service designer page, create a new identity service with the following configuration, and click Save: | Field | Value | | ----------------------------------------------------- | ---------------------------------------------------------------------------- | | Name | `Advanced Identity Cloud` | | Type of Identity | `OAuth 2.0` | | Provider Details > Grant Type | `Authorization Code` | | Provider Details > Authorize endpoint | `https:///am/oauth2/alpha/authorize` | | Provider Details > Token endpoint | `https:///am/oauth2/alpha/access_token` | | Provider Details > Scope | `openid`, `profile`, `email`, `phone` | | Client Details > Client Assertion Type | `Basic authentication` | | Client Details > Client ID | `temenos_oidc` | | Client Details > Client Secret | The password for the `temenos_oidc` client you created in the previous task. | | User Profile Endpoint Details > Profile Endpoint Type | `Profile in response of URL` | | User Profile Endpoint Details > URL | `https:///am/oauth2/alpha/userinfo` | | User Attribute Selectors > Federation ID | `_id` | 3. Use the Test Login feature to test the identity service. Sign on as an Advanced Identity Cloud test user you created in the [Create test users and roles](use-case-test-users-and-roles.html) use case. 4. When the service works as expected, publish the Fabric application. ## Reference material Find background information for the procedures in this use case in the following documentation: * Learn how to connect any OIDC relying party to Advanced Identity Cloud in [Register a custom OIDC application](../app-management/register-a-custom-application.html#openid-connect-oidc). * Learn how to configure a Quantum Fabric OAuth 2.0 Identity Service in [Temenos Quantum Fabric OAuth 2.0 Identity Service](https://docs.kony.com/konylibrary/konyfabric/kony_fabric_user_guide/Content/Identity10_Kony_OAuth2.htm#OAuth2ID).