By URL

New with ZDEW 2.5.2+ and an OpenZiti Controller version 1.2+ is adding an identity to a Windows installation using externally provided authentication. This process involves mapping an identity provided by an identity provider to an OpenZiti Identity using the external-id field as well as configuring an ext-jwt-signer.

Adding an identity by URL is very straight-forward. Deliver the root URL of the OpenZiti controller to the user, and send them the following instructions.

Prerequisites

• OpenZiti Controller 1.2+
• ZDEW 2.5.2+
• an external-jwt-provider is properly configured
• an identity exists with an external-id field set to a value provided from the external provider
• the OpenZiti Controller is configured to serve a pre-configured trusted certificate. The certificate must be verifiable by the OS without additional information such as using a widely trusted CA or the Windows administrator has added the certificate chain to the OS trust store

Adding the Identity

To add an identity to Windows by URL, first start by clicking on the "ADD IDENTITY" button in the top right of the screen. After the context menu pops up, select the "With URL" option.

A dialog will appear. Enter a valid https url to a controller and click

Authenticating

Once an identity is added for a network leveraging an external provider. See Authenticating for more details about how to authenticate to the network.