
Identity providers configuration

Identity providers are the server resources used to customize the end-user authentication interface. They provide customizable flows and interfaces that keep the service's branding while authenticating end-users in a seamless way. In case of misconfiguration, or of a navigation error by the end-user, fallbacks to error templates are provided to keep a good end-user experience.

Architecture

For each client, you can configure a specific identity provider, which is associated with a backend; together they provide both authorization and authentication for that client. This way, each client can present a custom interface as the means of authentication for its end-users.

Clients, identity providers, and backends

Have a look at client configuration

Have a look at backend configuration

Template editing

Identity provider templates are the pages seen by the end-user. They are editable using the Mustache templating engine, which gives access to global and page-specific variables. You can reset your changes at any moment to go back to the default template. User navigation goes through the customized templates, giving the best user experience.

Global templates variables

{federated server name}.login_url gives the login URL in case of identity federation, which helps to implement a "login with" button. That variable is associated with the configuration of a federated server.

messages gives the array of server messages; each message has type and content attributes.

_csrf_token gives the anti-CSRF (cross-site request forgery) token that is to be sent along with each end-user form.

errors gives the array of current errors; each error has a message attribute.

client gives the client associated with the current request, with all the corresponding client attributes.

Server paths that the end-user can navigate to

delete_user_session_path accessible through DELETE

edit_user_path accessible through GET

destroy_user_path accessible through POST

new_user_totp_registration_path accessible through GET

create_user_totp_registration_path accessible through POST

new_user_webauthn_registration_path accessible through GET

create_user_webauthn_registration_path accessible through POST

new_user_registration_path accessible through GET

new_user_reset_password_path accessible through GET

new_user_session_path accessible through GET

update_user_reset_password_path accessible through POST

update_user_path accessible through POST

Identity provider configurations

registrable? equals true if the identity provider user registration feature is enabled.

totpable? equals true if the identity provider Time-based One-Time Password (TOTP) feature is enabled.

user_editable? equals true if the identity provider user editing feature is enabled.
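As an added example (not a template shipped with the project), the Mustache fragment below shows how the global variables, server paths and configuration predicates listed above fit together in a user edit page: messages and errors are rendered from their arrays, every state-changing form carries the _csrf_token, and the MFA registration links appear only when the matching feature is enabled. The hidden field name _csrf_token, the client.name attribute and the form field names (email, current_password) are assumptions for illustration; only the variables and paths named in this page are documented.

```html
<!-- Added example: user edit page template (not the project's own template) -->
<h1>{{client.name}}</h1>  <!-- client.name is an assumed client attribute -->

<!-- Server messages, each with type and content -->
{{#messages}}
<p class="message message-{{type}}">{{content}}</p>
{{/messages}}

<!-- Current errors, each with a message -->
{{#errors}}
<p class="error">{{message}}</p>
{{/errors}}

{{#user_editable?}}
<!-- Profile update: POST to update_user_path, CSRF token in a hidden field -->
<form method="post" action="{{update_user_path}}">
  <input type="hidden" name="_csrf_token" value="{{_csrf_token}}">
  <label>Email <input type="email" name="email"></label>
  <label>Current password <input type="password" name="current_password"></label>
  <button type="submit">Update</button>
</form>
{{/user_editable?}}

<!-- Multi-factor registration links, shown only when the feature is enabled -->
{{#totpable?}}
<a href="{{new_user_totp_registration_path}}">Register an authenticator app (TOTP)</a>
{{/totpable?}}
<a href="{{new_user_webauthn_registration_path}}">Register a security key (WebAuthn)</a>

<!-- Account deletion: POST to destroy_user_path, also CSRF-protected -->
<form method="post" action="{{destroy_user_path}}">
  <input type="hidden" name="_csrf_token" value="{{_csrf_token}}">
  <button type="submit">Delete my account</button>
</form>
```

Because the double-brace tags are HTML-escaped by Mustache, values coming from the server (messages, errors, client attributes) cannot inject markup into the page; keep the triple-brace form for trusted, pre-rendered HTML only. The _csrf_token hidden field must be present on every POST form, otherwise the server rejects the request as a potential cross-site request forgery.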

Feature activation

Identity provider features can be toggled on or off in the configuration. Those features customize the authentication flow the user goes through to identify themselves to the service. They give abilities such as session management, Multi-Factor Authentication, user management, or consent.

Manage through User Interface

The administration interface gives the ability to create, update and delete identity providers. You can access them by navigating to the Identity providers > identity provider list section in the sidebar menu.

identity provider view

Manage through API

All identity provider operations are accessible through a REST API as described below. All identity provider management endpoints are protected with a Bearer token that can be obtained with any OAuth flow. In order to get access, you need an access token granted the private scope identity-providers:manage:all.

Have a look at API documentation