Authentication Methods
Last updated
Last updated
Modern applications often leverage external login providers to enhance user experience and security.
In this documentation, we'll cover the setup and configuration of various login provider types, including social providers, enterprise providers, SAML service providers, OAuth & OpenID Connect, and Single Sign-On (SSO) integration.
Accessing the Login Providers Tab
Open the Admin Console.
On the left-hand side, locate and click on Settings.
In the Settings section, click on the Authentication Methods tab.
On the Authentication Methods page, you'll find a card-based view that categorizes the available Authentication Methods into different types:
Social Providers: These are login options provided by popular social media platforms.
LDAP Providers: Integration with enterprise identity management systems.
SAML 2.0 Providers : Set up Single Sign-On (SSO) using Security Assertion Markup Language.
OAuth & OpenID Connect: Integration with OAuth-based systems for secure authorization.
REST Provider: Unified login experience across multiple services.
Classical Provider:
Passwordless Provider:
Within the selected category, choose the specific provider you wish to configure. Click on the respective card to proceed.
Social providers enable users to log in using their accounts from popular social media platforms.
These platforms act as authentication providers, allowing users to bypass the process of creating a new account for your application.
To set up social providers, click on View on the Social Providers card.
On the right side, you'll find a table view displaying the available Social Providers.
Social Providers table contains following fields,
Provider Icon: Provider logo will show based on the logo URL
Provider Name: Name of the Provider.
Action: You can Perform action like edit the provider settings.
Searching for Providers
In the search box located above the Providers table, enter a keyword.
Click the Search button.
The table will display the matching Provider based on the keyword you entered.
To search effectively, use the Provider Name as the keyword.
Edit Provider
To configure or edit a provider, look for the Edit icon associated with that provider.
Click on the Edit icon to access and modify the provider's settings.
Fill in or adjust the necessary details as required for the provider.
PROVIDER DETAILS
Provider Name: Name for the social login provider. It helps users identify which social platform they are connecting to when logging in.
Display Name: The Name to be displayed for the user.
Description: Description of the Provider.
Enable: You can enable/disable the provider.
CONFIGURATIONS STEPS
Client ID
This is a unique identifier assigned to your application when you register it with the social provider's developer platform.
It is used to authenticate your application when making API requests to the provider's servers.
Client Secret
This is a secret key assigned to your application during registration with the social provider's developer platform.
It is used in combination with the API Key or Client ID for secure communication between your application and the provider's servers.
Redirect URL
After a user successfully logs in with their social account, the provider will redirect them back to your application with an authorization token.
This URL is where the provider should send the user after authentication.
It's important to match this URL exactly with the one you've registered with the provider.
Scopes
Scopes define the level of access your application has to the user's data on the social platform.
You might need specific permissions to retrieve certain user information, such as email address, profile details, or friends list.
Saving the Setup
After filling in the mandatory fields for the provider setup, locate and click the Save button.
Clicking Save will save the configuration you've entered.
Enterprise providers allow users to log in to your application using their organization's credentials from identity management systems like Active Directory or Enterprise Cloud Providers.
To set up enterprise providers, click on View on the Enterprise Providers card.
On the right side, you'll find a table view displaying the available Enterprise Providers.
To Configure AD by clicking the Edit icon. This will show the Active Directory Providers page.
The table shows the available Social Providers. Here you can create or modify the AD Providers.
Social Providers table contains following fields,
Provider Name: Name of the Provider.
Display Name: The name to be displayed.
Action: You can Perform action like edit the provider settings.
Provider Name: Assign a unique name to identify this Active Directory integration.
Logo URL: Optional field for providing a URL to a logo or image representing the Active Directory integration.
Display Name: Provide a user-friendly name that will be displayed when users see the option to log in with this integration.
Description: Optionally, provide a brief description or additional information about this integration.
Connection String: Specify the connection details for your Active Directory server. This usually includes the server's hostname or IP address, as well as the port number.
Base DN (Distinguished Name): Set the base distinguished name where user searches will start. This is the starting point for locating users in your AD.
Username: If required, provide a username that has search permissions within the directory.
Password: If using a username, provide the corresponding password for authentication.
Enable: This likely indicates whether you want to enable this Active Directory integration.
After configuring the provider details, click the Save button to create a new provider.
You can also modify the details of the provider within the Active Directory Providers section.
To configure cloud providers, begin by clicking the Edit icon associated with the provider you want to set up.
Clicking Edit will take you to the Setup Providers page, where you can configure the cloud provider.
The card on this page displays the available Social Providers, and here you can set up the Cloud Providers.
To Setup Provider, need to fill
Provider Name: Assign a unique name to identify this cloud provider integration.
Display Name: Provide a user-friendly name that will be displayed when users see the option to log in using this cloud provider.
Description: Optionally, provide a brief description or additional information about this integration.
Enable: This indicates whether you want to enable this cloud provider integration.
Redirect URI: Specify the URI where the cloud provider should redirect users after successful authentication. This is an important step in the OAuth 2.0 or OpenID Connect flow.
Hosted Domain: If applicable, provide the domain associated with the hosted environment or organization. This can be relevant for certain cloud providers' Single Sign-On (SSO) configurations.
Client ID: This is a unique identifier assigned by the cloud provider when you register your application for authentication.
Client Secret: A secret key associated with the client ID for secure communication between your application and the cloud provider's authentication service.
After configuring the provider details, click the Save button to set up the provider.
SAML (Security Assertion Markup Language) is a protocol used for Single Sign-On (SSO) authentication.
As a Service Provider (SP), your application integrates with an Identity Provider (IdP) to enable users to log in using their IdP credentials.
To set up SAML Service Provider (SP), click on View on the SAML Service Provider (SP) card.
On the right side, you'll find a table view displaying the available SAML Service Providers.
SAML Service Provider table contains following fields,
Provider Name: Name of the Provider.
Logo: The name to be displayed.
Type: Type of the SAML provider.
Action: You can Perform action like view or edit the provider settings.
To create a new SAML Service Provider, locate and click on the create a new SAML Service Provider button that allows you to add a new provider.
You will be directed to a SAML Service Provider page where you need to fill in the required details for the new provider.
Provide all the necessary information as prompted to create the SAML Service Provider
IDP Settings
Login Request Settings
Sign Request: This setting determines whether the login request sent from the SP to the Identity Provider (IdP) should be signed. Signing the request enhances security by ensuring its integrity.
Signing Algorithm: Specify the cryptographic algorithm used for signing the login request. Common algorithms include RSA-SHA256 and RSA-SHA1.
Digest Algorithm: Choose the hashing algorithm used to create a digest of the signed content. This adds an extra layer of security by ensuring the integrity of the signed data.
Protocol Binding: Define the protocol binding to be used for the login request. Protocol binding specifies how the SP and IdP communicate during SAML exchanges. Common bindings include HTTP Redirect and HTTP POST.
Attribute Mapping
Name: This refers to an attribute's name as provided by the IdP. It's a standard attribute that may include information like the user's name.
Native Name: Some SAML frameworks provide a "native" name for attributes. This could be the attribute name in its original context, without any transformation.
Custom Field: In some cases, you might want to map an attribute to a custom field in your application's user profile. This allows you to capture and store additional information beyond standard attributes.
Identity Custom Field: Like the previous field, this might refer to a custom field specific to your identity management or user profile system.
After configuring the SAML Service Provider details, click the Save button to set up the provider.
You can also be able to modify the specific provider details by clicking edit icon in the SAML Provider page.
OAuth and OpenID Connect are protocols used for authentication and authorization. OpenID Connect is built on top of OAuth 2.0 and adds an identity layer, making it a popular choice for Single Sign-On (SSO) and user authentication.
To set up OAuth and OpenID Connect, click on View on the Custom Provider card.
On the right side, you'll find a table view displaying the available Custom Providers.
Custom Provider table contains following fields,
Provider Name: Name of the Provider.
Standard Type: Type of the provider OAUTH or OPENID CONNECT
Action: You can Perform action like edit the provider settings.
To create New Provider, need to fill
Standard Type: This refers to the type of OAuth or OpenID Connect standard you're implementing. OAuth provides authorization mechanisms, while OpenID Connect extends OAuth to provide authentication and identity features.
Authorization Endpoint: Specify the URL where your application redirects users to begin the authorization process. Users will authenticate and grant permissions here.
Token Endpoint: Provide the URL where your application exchanges the authorization code for an access token. This is a critical step in the OAuth flow.
Provider Name: Assign a unique name to identify this OAuth/OIDC integration.
Display Name: Provide a user-friendly name that will be displayed when users see the option to log in using this OAuth/OIDC integration.
Add Scopes: Scopes define the level of access your application is requesting from the user's account. Examples include "profile," "email," and "openid" for OIDC.
User Info Endpoint: This is the URL where your application retrieves user information, such as name, email, and other attributes. It's used for populating user profiles.
HTTP Type: This specifies the HTTP method used for token requests and other interactions. Common methods are "POST" and "GET."
Click Save to Setup a Provider.
To create New Provider, need to fill
Standard Type
This refers to the type of OAuth or OpenID Connect standard you're implementing.
OAuth provides authorization mechanisms, while OpenID Connect extends OAuth to provide authentication and identity features.
Issuer URL
The OpenID Connect issuer URL is a web address that points to the service responsible for authenticating users and providing identity information.
It's used by applications to discover authentication endpoints, validate user identity tokens, and establish secure connections to the identity provider.
Authorization Endpoint
Specify the URL where your application redirects users to begin the authorization process.
Users will authenticate and grant permissions here.
Token Endpoint
Provide the URL where your application exchanges the authorization code for an access token. This is a critical step in the OAuth flow.
Provider Name:
Assign a unique name to identify this OAuth/OIDC integration.
Display Name:
Provide a user-friendly name that will be displayed when users see the option to log in using this OAuth/OIDC integration.
Add Scopes:
Scopes define the level of access your application is requesting from the user's account. Examples include profile, email, and openid for OIDC.
User Info Endpoint:
This is the URL where your application retrieves user information, such as name, email, and other attributes. It's used for populating user profiles.
HTTP Type:
This specifies the HTTP method used for token requests and other interactions. Common methods are POST and GET.
Click Save to Setup a Provider.
Custom Provider in Social Providers Section
After successful integration, the custom authentication provider will also appear in the Social Providers section of your application's authentication settings. Users will have the option to select Sign in with the chosen provider as an alternative way to access your application.
To modify providers, locate the provider you want to edit on the custom providers page.
Look for the edit icon associated with that provider.
Click on the edit icon to access and modify the provider's settings.
.
Editing Provider Details:
Clicking the edit icon opens the Edit Provider Page.
On this page, you can make modifications to the given provider's details as needed.
After making the necessary modifications in the provider details, locate and click the Save button.
Clicking Save will save the changes you've made to the provider.
While on the Edit Provider Page, locate the option to delete the provider.
Typically, this option is represented by a Delete button.
Confirm your decision to delete the provider when prompted.
Single Sign-On (SSO) allows users to log in once and access multiple applications without needing to log in again for each one.
Single Sign-On (SSO) Integration is a mechanism for allowing users to sign in once and access multiple applications without needing to sign in again for each one.
To set up SSO Integration, click on View on the Single Sign-On Integration card.
On the right side, you'll find a table view displaying the available Single Sign-On Integration Providers.
Single Sign On table contains following fields,
SSO Name: Name of the SSO Provider.
Logo: Logo of the SSO Provider.
Action: You can Perform action like edit the provider settings.
Choose Identity Provider (IdP): Decide which Identity Provider you want to integrate with.
To create New Provider, need to fill
Callback URL:
The Callback URL, also known as the Redirect URL, is the URL where the Identity Provider (IdP) will send the SSO response after a successful authentication.
This URL is set up in your application to handle the incoming SSO response and complete the login process.
Paste your SP Metadata:
SP Metadata, or Service Provider Metadata, is a document that contains information about your application's SSO configuration.
It includes details like the Entity ID, Assertion Consumer Service (ACS) URL, and your application's public key certificate. This metadata is typically provided by your application and used by the IdP to configure the SSO relationship.
Click Save to setup the SSO Integration.
To modify SSO Integration, locate the SSO Integration you want to edit on the SSO Integration Page.
Look for the edit icon associated with that SSO Integration.
Click on the edit icon to access and modify the SSO Integration's details.
On the Edit SSO Integration Page, you can make modifications to the given details.
After filling in the mandatory fields, locate and click the Save button to save the modified SSO Integration.
While on the Edit SSO Integration Page, locate the option to delete the SSO Integration.
Typically, this option is represented by a Delete button.
Confirm your decision to delete the SSO Integration when prompted.