Authentication Methods
Modern applications often utilize external login providers to enhance user experience and security.
This documentation guides you through the setup and configuration of various login provider types, including:
Social Providers
SAML Service Providers
OAuth & OpenID Connect
Open the Admin Console.
On the left-hand menu, click on Settings.
In the Settings section, select the Authentication Methods tab.
The Authentication Methods page displays a card-based view categorizing the available authentication methods, such as:
Social Providers: Login options provided by popular social media platforms.
LDAP Providers: Integrates with enterprise identity management systems.
SAML 2.0 Providers: Set up Single Sign-On (SSO) using Security Assertion Markup Language.
OAuth & OpenID Connect: Enables integration with OAuth-based systems for secure authorization.
REST Provider: Facilitates unified login experiences across multiple services.
Classical Provider: Traditional username-password authentication.
Passwordless Provider: Allows login using alternative authentication methods like biometrics or one-time codes.
Social providers enable users to log in using their accounts from popular social media platforms, bypassing the need to create a new account.
Steps to Configure Social Providers
Click View on the Social Providers card.
On the right side, you’ll see a table listing the available social providers with the following fields:
Provider Icon: Displays the provider's logo based on the logo URL.
Provider Name: Name of the Provider.
Action: Edit provider settings.
Searching for Providers
Use the search box above the Providers Table to enter a keyword.
Click Search to filter the table and display matching providers.
To optimize your search, use the Provider Name as the keyword.
Locate the provider you wish to configure or edit.
Click the Edit icon to open the provider’s settings.
Modify the necessary fields, as described below.
Save your changes to update the provider configuration.
PROVIDER DETAILS
Provider Name: Identifies the social login provider for users.
Display Name: The name visible to users during login.
Description: Provides additional context about the provider.
Enable: Toggle the provider's activation status (enabled/disabled).
Client ID
A unique identifier assigned to your application during registration with the social provider's developer platform.
Used for authenticating API requests.
Client Secret
A secret key assigned during registration for secure communication between your application and the provider’s servers.
Redirect URL
The URL where users are redirected after successful authentication.
This must exactly match the URL registered on the provider’s platform.
Scopes
Define the level of access your application has to user data.
For example, access to email addresses, profile details, or a friend list.
Saving the Setup
After filling in the mandatory fields for the provider setup, locate and click the Save button.
Clicking Save will save the configuration you've entered.
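The Redirect URL field has to be character-for-character identical to the value registered with the provider, and the usual mismatches are hard to spot by eye. The following is an added example, not part of the product or its documentation, that reports how two values differ; the function name and the `app.example.com` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: the value registered on the provider's developer platform.
REGISTERED = "https://app.example.com/auth/callback"

def redirect_url_mismatches(registered: str, configured: str) -> list[str]:
    """Return the reasons `configured` differs from `registered`.

    An empty list means the strings are identical, which is what a provider
    that enforces exact matching requires.
    """
    if registered == configured:
        return []
    a, b = urlsplit(registered), urlsplit(configured)
    reasons = []
    if a.scheme != b.scheme:
        reasons.append(f"scheme: {a.scheme!r} vs {b.scheme!r}")
    if a.netloc != b.netloc:
        if a.netloc.lower() == b.netloc.lower():
            reasons.append("host differs only by letter case")
        else:
            reasons.append(f"host/port: {a.netloc!r} vs {b.netloc!r}")
    if a.path != b.path:
        if a.path.rstrip("/") == b.path.rstrip("/"):
            reasons.append("trailing slash")
        else:
            reasons.append(f"path: {a.path!r} vs {b.path!r}")
    if a.query != b.query:
        reasons.append(f"query: {a.query!r} vs {b.query!r}")
    if a.fragment != b.fragment:
        reasons.append(f"fragment: {a.fragment!r} vs {b.fragment!r}")
    # Parsed components equal but raw strings differ (e.g. scheme letter case).
    return reasons or ["strings differ in a way URL parsing normalises away"]

if __name__ == "__main__":
    for candidate in (REGISTERED, REGISTERED + "/",
                      "http://app.example.com/auth/callback"):
        print(candidate, "->", redirect_url_mismatches(REGISTERED, candidate))
```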
Configuring Enterprise Cloud Providers
To configure cloud providers, begin by clicking the Edit icon associated with the provider you want to set up.
Clicking Edit will take you to the Setup Providers page, where you can configure the cloud provider.
The card on this page displays the available Social Providers, and here you can set up the Cloud Providers.
After configuring the provider details, click the Save button to set up the provider.
SAML (Security Assertion Markup Language) is a protocol used for Single Sign-On (SSO) authentication.
As a Service Provider (SP), your application integrates with an Identity Provider (IdP) to enable users to log in using their IdP credentials.
To set up a SAML Service Provider (SP), click View on the SAML Service Provider (SP) card.
On the right side, you'll find a table view displaying the available SAML Service Providers.
The SAML Service Provider table contains the following fields:
Provider Name: Name of the Provider.
Logo: The name to be displayed.
Type: Type of the SAML provider.
Action: View or edit the provider settings.
To create a new SAML Service Provider, click the create a new SAML Service Provider button.
You will be directed to a SAML Service Provider page where you need to fill in the required details for the new provider.
Provide all the necessary information as prompted to create the SAML Service Provider.
IDP Settings
Login Request Settings
Sign Request: This setting determines whether the login request sent from the SP to the Identity Provider (IdP) should be signed. Signing the request enhances security by ensuring its integrity.
Signing Algorithm: Specify the cryptographic algorithm used for signing the login request. Common algorithms include RSA-SHA256 and RSA-SHA1. Prefer RSA-SHA256 where the IdP supports it, since SHA-1 is deprecated for digital signatures.
Digest Algorithm: Choose the hashing algorithm used to create a digest of the signed content. This adds an extra layer of security by ensuring the integrity of the signed data.
Protocol Binding: Define the protocol binding to be used for the login request. Protocol binding specifies how the SP and IdP communicate during SAML exchanges. Common bindings include HTTP Redirect and HTTP POST.
Attribute Mapping
Name: This refers to an attribute's name as provided by the IdP. It's a standard attribute that may include information like the user's name.
Native Name: Some SAML frameworks provide a "native" name for attributes. This could be the attribute name in its original context, without any transformation.
Custom Field: In some cases, you might want to map an attribute to a custom field in your application's user profile. This allows you to capture and store additional information beyond standard attributes.
Identity Custom Field: Like the previous field, this might refer to a custom field specific to your identity management or user profile system.
After configuring the SAML Service Provider details, click the Save button to set up the provider.
You can also modify a specific provider's details by clicking the edit icon on the SAML Provider page.
OAuth and OpenID Connect are protocols used for authentication and authorization. OpenID Connect is built on top of OAuth 2.0 and adds an identity layer, making it a popular choice for Single Sign-On (SSO) and user authentication.
To set up OAuth and OpenID Connect, click View on the Custom Provider card.
On the right side, you'll find a table view displaying the available Custom Providers.
The Custom Provider table contains the following fields:
Provider Name: Name of the Provider.
Standard Type: The type of the provider, OAUTH or OPENID CONNECT.
Action: Edit the provider settings.
To create a new provider, fill in the following fields:
Standard Type: This refers to the type of OAuth or OpenID Connect standard you're implementing. OAuth provides authorization mechanisms, while OpenID Connect extends OAuth to provide authentication and identity features.
Authorization Endpoint: Specify the URL where your application redirects users to begin the authorization process. Users will authenticate and grant permissions here.
Token Endpoint: Provide the URL where your application exchanges the authorization code for an access token. This is a critical step in the OAuth flow.
Provider Name: Assign a unique name to identify this OAuth/OIDC integration.
Display Name: Provide a user-friendly name that will be displayed when users see the option to log in using this OAuth/OIDC integration.
Add Scopes: Scopes define the level of access your application is requesting from the user's account. Examples include "profile," "email," and "openid" for OIDC.
User Info Endpoint: This is the URL where your application retrieves user information, such as name, email, and other attributes. It's used for populating user profiles.
HTTP Type: This specifies the HTTP method used for token requests and other interactions. Common methods are "POST" and "GET."
Click Save to set up the provider.
To create a new provider, fill in the following fields:
Standard Type
This refers to the type of OAuth or OpenID Connect standard you're implementing.
OAuth provides authorization mechanisms, while OpenID Connect extends OAuth to provide authentication and identity features.
Issuer URL
The OpenID Connect issuer URL is a web address that points to the service responsible for authenticating users and providing identity information.
It's used by applications to discover authentication endpoints, validate user identity tokens, and establish secure connections to the identity provider.
Authorization Endpoint
Specify the URL where your application redirects users to begin the authorization process.
Users will authenticate and grant permissions here.
Token Endpoint
Provide the URL where your application exchanges the authorization code for an access token. This is a critical step in the OAuth flow.
Provider Name
Assign a unique name to identify this OAuth/OIDC integration.
Display Name
Provide a user-friendly name that will be displayed when users see the option to log in using this OAuth/OIDC integration.
Add Scopes
Scopes define the level of access your application is requesting from the user's account. Examples include profile, email, and openid for OIDC.
User Info Endpoint
This is the URL where your application retrieves user information, such as name, email, and other attributes. It's used for populating user profiles.
HTTP Type
This specifies the HTTP method used for token requests and other interactions. Common methods are POST and GET.
Click Save to set up the provider.
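Because the Issuer URL lets an application discover the provider's endpoints, the values typed into this form can be cross-checked against the provider's discovery document before saving. The following is an added example, not part of the product or its documentation: the form keys (`issuer_url`, `user_info_endpoint`, `scopes`) and the `idp.example.com` values are assumptions, while the metadata names are those defined by OpenID Connect Discovery.

```python
from urllib.parse import urlsplit

# Constructed discovery document, as an IdP would serve it from
# <Issuer URL>/.well-known/openid-configuration (OpenID Connect Discovery).
DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
    "scopes_supported": ["openid", "profile", "email"],
}

# Hypothetical form keys mapped to the discovery metadata names.
ENDPOINTS = {
    "authorization_endpoint": "authorization_endpoint",
    "token_endpoint": "token_endpoint",
    "user_info_endpoint": "userinfo_endpoint",
}

def check_oidc_provider(form, discovery):
    """Return a list of problems found in the provider form; empty means consistent."""
    problems = []
    # Discovery requires the advertised issuer to equal the configured Issuer URL.
    if form.get("issuer_url") != discovery.get("issuer"):
        problems.append("issuer_url does not exactly match discovery 'issuer'")
    for field, meta in ENDPOINTS.items():
        url = form.get(field, "")
        if urlsplit(url).scheme != "https":
            problems.append(f"{field} is not an https URL")
        if url != discovery.get(meta):
            problems.append(f"{field} differs from discovery '{meta}'")
    scopes = form.get("scopes", [])
    if "openid" not in scopes:
        problems.append("scopes lacks 'openid', which OpenID Connect requires")
    advertised = discovery.get("scopes_supported", scopes)  # metadata is optional
    unsupported = sorted(set(scopes) - set(advertised))
    if unsupported:
        problems.append(f"scopes not advertised by the provider: {unsupported}")
    return problems

# Constructed form values: one consistent, one with typical mistakes.
GOOD_FORM = {"issuer_url": DISCOVERY["issuer"],
             "authorization_endpoint": DISCOVERY["authorization_endpoint"],
             "token_endpoint": DISCOVERY["token_endpoint"],
             "user_info_endpoint": DISCOVERY["userinfo_endpoint"],
             "scopes": ["openid", "profile", "email"]}
BAD_FORM = dict(GOOD_FORM, issuer_url="https://idp.example.com/",
                token_endpoint="http://idp.example.com/oauth2/token",
                scopes=["profile", "email", "friends"])
```

Calling `check_oidc_provider(BAD_FORM, DISCOVERY)` reports the trailing slash on the issuer, the plain-HTTP token endpoint, the missing `openid` scope, and the scope the provider does not advertise.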
Custom Provider in Social Providers Section
After successful integration, the custom authentication provider will also appear in the Social Providers section of your application's authentication settings. Users will have the option to select Sign in with the chosen provider as an alternative way to access your application.
To modify providers, locate the provider you want to edit on the custom providers page.
Look for the edit icon associated with that provider.
Click on the edit icon to access and modify the provider's settings.
Editing Provider Details
Clicking the edit icon opens the Edit Provider Page.
On this page, you can make modifications to the given provider's details as needed.
After making the necessary modifications in the provider details, locate and click the Save button.
Clicking Save will save the changes you've made to the provider.
While on the Edit Provider Page, locate the option to delete the provider.
Typically, this option is represented by a Delete button.
Confirm your decision to delete the provider when prompted.
Single Sign-On (SSO) Integration is a mechanism that allows users to sign in once and access multiple applications without needing to sign in again for each one.
To set up SSO Integration, click View on the Single Sign-On Integration card.
On the right side, you'll find a table view displaying the available Single Sign-On Integration Providers.