Migrate TrustProvider Endpoints

Check your organization's OIDC endpoints and migrate from v1 to v2

  • Updated on Nov 11, 2020

This article describes features that are only available in the Banyan Enterprise edition.

In the Banyan 2.9 Release in 2020-Mar, we published new V2 OIDC endpoints used for Passwordless Authentication. In a future release, we will deprecate existing V1 OIDC endpoints.

If your organization is already using Passwordless Authentication, you must migrate your configuration from the V1 endpoints to the V2 endpoints before the V1 endpoints are deprecated.

How to Check OIDC Endpoint Versions

To check your OIDC endpoint version, navigate to Settings > TrustProvider Settings > OIDC Settings and view the OpenID Connect Settings fields.

V1 endpoints do not include your organization name or the v2 tag.

V2 endpoints include your org name (such as, releaseorg) and the v2 tag. For example, https://[orgname].trust.banyanops.com/v2/.

Migrate Endpoints for Passwordless Authentication

To migrate from V1 OIDC endpoints to V2 OIDC endpoints:

1. In the Banyan Command Center, navigate to Settings > TrustProvider Settings > OpenID Connect Settings and delete the existing configuration.

2. Obtain the Redirect URL from your Identity Provider and then enter it in the Redirect URL field.

3. Click Create, and note the provided values in OpenID Connect Settings and App Client for Passwordless Authentication (to be used in step 4).

4. In your Identity Provider, locate the existing configurations to route traffic to Banyan as a federated/OIDC Identity Provider, and then update the existing V1 endpoints to the v2 endpoints (noted in step 3).

5. In the Banyan Command Center, navigate to Settings > TrustProvider Settings > Identity Provider and append the Redirect URL to the v2 endpoint (for example, https://[orgname].trust.banyanops.com/v2/callback).

That’s it! You’ve successfully migrated your V1 OIDC endpoints to V2 OIDC endpoints.