Key Pair
The Key Pair credential type stores a Secret Key and Secret Value used for authentication. The credentials are stored securely and their values are masked in the UDMG Admin UI after creation. They are used in one context:
- The Key Pair represents the Client ID and Secret used in the configuration for Single Sign-On (SSO) providers with the OIDC (OpenID Connect)/OAuth 2.0 protocol. The credentials identify and authenticate UDMG with the Identity Provider, exchanging authorization codes for tokens.
Use Case
| # | Use Case | Referenced By | Purpose |
|---|---|---|---|
| 1 | SSO - OIDC/OAuth 2.0 Authentication | Domain - SSO provider with OIDC/OAuth 2.0 protocol | Identifies and authenticates UDMG with the Identity Provider |
SSO - OIDC/OAuth 2.0 Authentication
When UDMG processes an OIDC/OAuth 2.0 login flow, the Identity Provider returns an Authorization Code for user authentication. UDMG then sends the Key Pair credential and the Authorization Code to the Identity Provider's Token Endpoint. The Identity Provider validates the Key Pair and returns access tokens and ID tokens, granting UDMG access to the User's information and access.
The Key Pair is made up of two components:
- Secret Key = The value represents the Client ID, which is a unique identifier assigned to your application (Service Provider) by the Identity Provider.
- Secret Value = The value represents the Service Provider Client Secret issued to your application for authentication to the Token Endpoint.
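The token request described above, as an added example that is not UDMG's own code: it shows both sides of the exchange and assumes the Identity Provider accepts HTTP Basic client authentication (`client_secret_basic`, RFC 6749 section 2.3.1). The function names, client ID, secret, code and redirect URI are constructed for illustration.

```python
import base64
import hmac
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode

# Constructed sample registration at the Identity Provider, not real credentials.
CLIENTS = {"udmg-sso": "s3cr:et/+value"}  # Secret Key -> Secret Value

def build_token_request(secret_key, secret_value, code, redirect_uri):
    """Client side: headers and body for the POST to the Token Endpoint."""
    # RFC 6749 2.3.1: form-urlencode both parts before Base64, so a ':' or
    # other special character in the secret cannot corrupt the header.
    pair = f"{quote_plus(secret_key)}:{quote_plus(secret_value)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "authorization_code",
                      "code": code, "redirect_uri": redirect_uri})
    return headers, body

def idp_validate(headers, body, clients, issued_codes):
    """Identity Provider side: authenticate the client, then redeem the code.

    issued_codes maps code -> (client_id, redirect_uri) from the login step.
    """
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except ValueError:
        return "invalid_client"
    raw_id, sep, raw_secret = decoded.partition(":")
    client_id, secret = unquote_plus(raw_id), unquote_plus(raw_secret)
    expected = clients.get(client_id, "")
    # Constant-time comparison; an unknown client fails like a wrong secret.
    if scheme != "Basic" or not sep or not expected or not hmac.compare_digest(
            secret.encode(), expected.encode()):
        return "invalid_client"
    form = parse_qs(body)
    code = form.get("code", [""])[0]
    redirect_uri = form.get("redirect_uri", [""])[0]
    if form.get("grant_type") != ["authorization_code"]:
        return "unsupported_grant_type"
    # The code is single-use and bound to the client and redirect URI.
    if issued_codes.pop(code, None) != (client_id, redirect_uri):
        return "invalid_grant"
    return "tokens_issued"
```

A Secret Value pasted with stray whitespace or a truncated character fails at this step with `invalid_client`, which is the error to look for in the Identity Provider's logs when an SSO login stops after the redirect back.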
Implementation
- The Identity Provider administrator generates the credentials (Client ID and Secret) outside of UDMG and shares them with your organization.
- A new Credential (with Type: Key Pair) is added on the Credentials page with the content from Step 1.
- A new or existing SSO provider configuration (with Protocol: OIDC /OAuth 2.0) is updated to reference this Credential.
- When an SSO User login occurs, UDMG uses the stored credential to identify and authenticate with the Identity Provider before granting access.
Adding a Key Pair
To add a Key Pair, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click Add Credential.
- Select Key Pair as the Credential Type.
- Enter an identifying Name and Description, and optionally Valid From and Valid To dates.
- Enter or paste the Client ID and Secret content in the Secret Key and Secret Value fields, respectively.
- Click Add.
Each Key Pair must be properly created to be referenced by other Configuration Items.
Field Descriptions
The following table lists all fields that can be completed when adding (or editing) a Key Pair:
| Name | Description | Specifications | Required |
|---|---|---|---|
| Type | Type of Credential. Select: Key Pair. | Cannot be modified after creation. | Yes |
| Name | The name of the Key Pair. | | Yes |
| Description | The description of the Key Pair. | | No |
| Valid From | Date when the Credential becomes valid. | Cannot be later than Valid To date. | No |
| Valid To | Date when the Credential becomes invalid. Note: UDMG does not use or check the dates provided. The dates entered are only meant to help Users keep track of expiration dates. | Cannot be earlier than Valid From date. | No |
| Secret Key | Secure credential. | | Yes |
| Secret Value | Secure credential that is paired with the Secret Key. | | Yes |
Editing a Key Pair
To edit a Key Pair, follow these steps:
- From the Sidebar, select Configuration > Credentials.
- Click the Credential Name you want to edit.
- Click the Edit button above the Credentials details to edit the specific fields.
- Edit details for the Credentials, using the Field Descriptions above as a guide.
- Click Update.
Managing Key Pairs
Viewing Key Pair Details
To view the details of a Key Pair, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click the Name of the Key Pair you want to view. You will see a table with the Credential details.
- To see the secret and key values, which are not visible after Credential creation, System and Domain Administrators can use the authenticated Reveal API.
Key Pair Metadata
Key Pair details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Key Pair. |
| Enabled | Enabled status of the Credential. If enabled, the field is set to True. |
| Version | Version number of the latest configuration of the Credential, including changes to the Enabled status. |
| Created | Date and time this Key Pair was created. |
| Updated | Date and time this Key Pair was last updated. |
Enabling and Disabling Key Pairs
Key Pairs can be Enabled or Disabled to control their active status and ability to participate in file transfers. The status defaults to Enabled and can be changed after creation.
- Enabled (default): The Key Pair is active and available for use.
- Disabled: The Key Pair is not active and unavailable for use.
To enable or disable a Key Pair, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click the Name of the Key Pair you want to enable/disable.
- Click the Enable or Disable button above the Key Pair details, depending on the current status.
Deleting a Key Pair
To delete a Key Pair, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click the Name of the Credential you want to delete.
- Click the Delete button above the Credential details.
- You will be asked to confirm the deletion. Click Delete.
If a Key Pair is currently assigned to an SSO provider, it cannot be deleted. You must first remove the Key Pair from the SSO provider, then return to the Credentials page to delete it.