Please check this reply from Vincent on a different topic. It describes how to do this with Microsoft Graph but the same can be applied to Indicium. You will first need to create an OpenID Client within IAM. 

https://community.thinkwisesoftware.com/integrations-90/microsoft-graph-authentication-1428?postid=9153#post9153

Also Dick has written a blog post about this please check this topic as well.

https://community.thinkwisesoftware.com/news-blogs-21/using-oauth-to-get-data-from-external-applications-2672

I have some trouble setting up the OpenID configuration in the software factory. After creating the OpenID configuration and restarting the indicium it fails to start with

Description: The process was terminated due to an unhandled exception.

Exception Info: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access is denied.

There is an ticket created in the TCP (3105S) for this also

@efitskie basically you can call the endpoint with any user that has rights to the SF, it is not perse necessary to go through the trouble of setting up OpenID.

The indicium error on Azure when setting up the OpenID configuration can be resolved by adding the app setting WEBSITE_LOAD_USER_PROFILE with value 1

With this setting the indicium will start.

Following up on the comment by Arie, you can use a basic authentication header as long as the service account you are using for the integration is registered as an IAM account without 2FA enabled.

Username and password need to be encoded in this header.

e.g. Authorization: Basic Y2ljZC1zZXJ2aWNlLWFjY291bnQ6aHVudGVyMQ==

Thank you all for the contribution on this topic. I’ve managed to get the request working with basic authorization