Skip to main content

Setting up an internal application

In the Identity Platform New Experience, set up an internal application like the Secure Portal, Password Reset, Help Desk pages, and OIDC integrations.

To learn more about use cases for an internal application, see About the Internal Application Manager.



  1. On the left side of the Identity Platform, click Internal Application Manager.

    Screenshot of Internal Application Manager page.
  2. Click Add New Internal Application.

    The New Internal Application page displays.

  3. Set the following configurations:

    Internal Application Name

    Set the name of the internal application page.

    This name is shown on the page header and document title of the end user login pages.


    If you change this name, it will overwrite any value that is set on the Overview tab in Advanced Settings.

    Internal Application Description

    This is an internal description not shown to end users.

    Data Store

    Enter the data store to authenticate and allow user access to the internal application.


    Use one of the following options:

    • Slider in the On position (enabled): Allow users from every group in your selected data stores access to the internal application.

    • Slider in the Off position (disabled): Enter the specific groups who are allowed access to the internal application.

    Authentication Policy

    Select the login authentication policy for the internal application.

    Realm Number

    Select the Realm Number to use for this application.

    Authenticate User Redirect

    Select the target internal application category and then from the list, select the application page you want to set up.

    For example, select the Identity Management (IdM) category, and then from the list, select Secure Portal.

    The available internal application options are:

    • Custom Redirect

      • Custom Redirect

    • Identity Management (IdM)

      • Account Management

      • Forgot Username

      • Password Reset

      • Secure Portal

      • Self-Service Account Update

      • Create User

    • Certificate Based

      • Create PFX (iPhone + VM)

      • Create PFX Link (ASA)

      • Create PFX Auto Link (Citrix Receiver)

      • Native Mode Cert Landing Page

    • Microsoft/WS-*

      • Create OWA 2010 Token

      • Create SharePoint 2010 Claim

      • Create Windows Live@Edu Token

      • Microsoft Forms Based Authentication Token

    • Generic (HTTP / OAuth / OpenID / etc)

      • Basic Authentication

      • Submit Form Post

      • Multi-factor App Enrollment - QR

      • Multi-factor App Enrollment - URL

      • OpenID Connect / OAuth2

      • User Handler Web Service

    • 3rd Party Application Integrations

      • F5 BigIP

      • PDP Configuration

      • Siteminder Session Token

      • WebSphere via Post

      • YubiKey Provisioning

    • Mobile

      • Mobile Native App Launch

      • Android Transition

      • iOS Google Apps Provision

      • iOS Exchange Provision

    Redirect To

    This field is automatically populated by the selection of the redirect page. If this is a Custom Redirect, then enter the redirect URL.

    This is the page the end user lands on after login.

  4. Click Create Connection.

    This creates a new internal application with an attached user authentication policy from the New Experience.

    Screenshot of internal application configuration in the New Experience UI.
  5. To complete the configuration in Advanced Settings, do one of the following:

    • At the top of the page, click the link in the green confirmation message.

    • At the bottom of the page, click the Go to Advanced Settings... link.

    The link takes you to the Post Authentication tab in Advanced Settings.

  6. On the Post Authentication tab, configure the settings for the internal application.

    For example, if the Authenticate User Redirect field is set to Secure Portal, then you'll need to go to the Portal Page section and configure the page settings.

  7. Save your changes.

  8. Use the login URL for your end users to access this internal application page.

    You can find this on the main Internal Application Manager page or when you edit the internal application in the Redirect Information section.



End users get the new login experience when they log in to the URL of the target application.