Introduction
An external identity provider can be used to authenticate users with a federated party such as another Identity Provider oder a Social Login. Once you have configured the external identity provider, you can add it to the Level of Authentication configuration.
Properties
Whenever you are creating of updating a external identity provider, you have to specify the following properties:
Property | Data Type | Mandatory | Example | Description |
---|---|---|---|---|
| String |
| The name of the external provider | |
| String | Enables user to login with their Google accounts | Description of the external provider | |
| Translation Key | Customer.ExternalIdentityProvider.Google.Description | A translation key to translate the description in different languages | |
| String | Used to display the external identity provider to users | ||
| String | Customer.ExternalIdentityProvider.Google.Displayname | A translation key to translate the display name in different languages | |
| Drop Down |
| Choose any of the available logos | |
| Drop Down |
| Active | Usually active or inactive |
| Drop Down |
| GoogleOAuthProviderOptions | Depending on the external providers technology:
Unless stated otherwise, they represent ASP.NETCore Connection Options. For further details see their appropriate documentation such as https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.openidconnect.openidconnectoptions?view=aspnetcore-6.0 |
| String | { "clientId": "9920356573-3ksmjore7esuiq7p17dh06vpm4a.apps.googleusercontent.com", "clientSecret": "xxaeraaF8adsljfkclajf" } | A simple example for the | |
| String |
| This name will be used in the callback url i.e. https://idp.coreone.ch/callback/google | |
| String |
| Those addresses will be added to the Content Security Policy in order to allow a form submit to and from those pages. | |
| Boolean |
| When a user can be merged with an existing user, this boolean indicates whether or not the user should be asked to do so. |
Attribute Mapping
In the attribute mapping you can define mapping rules to map an external identity providers claim to a CoreOne Suite Attribute of the appropriate Core Identity. For example you can map the claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
provided by Google to the CoreOne Suite Attribute First name
.
You also have the option to define a default value
in case the value was not provided and you can set the synchronize
flag to true, so that those values will be updated each time when a user logs in.
Furthermore you can define an attribute as identifies a user
. If set, users that logon with an external provider will be matched on that attribute to local users. For example, if the external provider has a claim containing a customer number, and there is an appropriate attribute within the CoreOne Suite, you can match the users on that attribute.
Claim Mapping
When you do not want to store the claims provided by the external identity provider in the CoreOne Suite Meta Directory but you would like to include the claims in the token, you can configure a simple claim mapping. I.e. you can map the external claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
to the claim given_name
.
Starting from version 8.0: When configuring a mapping, you can also specify if this mapping can be used to identify a user uniquely in an auto merge process by setting the can identify a user
flag.