To configure your AWS EKS cluster for OIDC authentication, you must first create a PingOne OIDC application to acquire the required OIDC Issuer URL and OIDC Client ID.

To create a PingOne OIDC application:

  1. Sign on to your PingOne for Enterprise tenant.
  2. Go to Applications > My Applications > OIDC.
  3. Select Advanced Configuration, and click Next.

    Screen capture showing how to select the Advanced Configuration option for the OIDC application.
  4. Type the Application Name and Description, and click Next.
  5. In the Authorization Settings section, check Authorization Code for the Allowed Grant Types.
  6. To include a client secret, click Add Secret. Record the Client ID and Client Secret for later use. Click Next.

    Screen capture showing how to configure the Allowed Grant Type authorization setting and where to add a secret for the OIDC application.
  7. In the SSO Flow and Authentication Settings section, enter the following:
    1. In the Start SSO URL field, enter https://localhost.
    2. In the Redirect URIs field, enter http://localhost:8000 and http://localhost:18000.
    3. Click Next.

    Screen capture showing how to add the Start SSO URL and Redirect URIs.
  8. Leave the default configuration for Default User Profile Attribute Contract and Connect Scopes.
  9. Configure the required Attribute Mapping for the subject attribute. Click Next.

    Screen capture showing how to configure the attribute mapping for the subject attribute.
  10. Assign any required PingOne Groups for access, and then click Done.
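Before handing the recorded values to the EKS configuration, it is worth checking that the Issuer URL publishes a discovery document that supports the Authorization Code grant and that the redirect URIs only use plain http for loopback addresses. The following is an added example, not part of the PingOne documentation or product; the issuer URL and the discovery document are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Placeholder for the OIDC Issuer URL recorded from the PingOne application
# (assumption: not a real tenant).
ISSUER = "https://issuer.example/oidc"

# Constructed sample of the issuer's discovery document, i.e. what
# <issuer>/.well-known/openid-configuration returns, embedded so the check runs offline.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/jwks",
    "response_types_supported": ["code", "id_token"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
})

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def check_discovery(doc_json, expected_issuer):
    """Return a list of problems; an empty list means the issuer is usable for EKS."""
    doc = json.loads(doc_json)
    problems = []
    if doc.get("issuer") != expected_issuer:
        problems.append("issuer mismatch: %r != %r" % (doc.get("issuer"), expected_issuer))
    if urlparse(expected_issuer).scheme != "https":
        problems.append("issuer must use https")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key not in doc:
            problems.append("missing " + key)
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not supported")
    # grant_types_supported is optional; the OIDC discovery default includes authorization_code.
    grants = doc.get("grant_types_supported", ["authorization_code"])
    if "authorization_code" not in grants:
        problems.append("authorization_code grant not supported")
    return problems


def check_redirect_uris(uris):
    """Allow plain http only for loopback hosts (kubectl's local callback); all else needs https."""
    problems = []
    for uri in uris:
        u = urlparse(uri)
        if u.fragment or "*" in uri:
            problems.append("invalid redirect URI: " + uri)
        elif u.scheme == "http" and u.hostname not in LOOPBACK_HOSTS:
            problems.append("non-loopback http redirect URI: " + uri)
        elif u.scheme not in ("http", "https"):
            problems.append("unsupported scheme: " + uri)
    return problems
```

Run `check_discovery` against the live document fetched from your issuer and `check_redirect_uris` against the URIs entered in step 7; any non-empty result should be fixed in the PingOne application before continuing.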