Introduction

There are many use cases where a federation is appropriate. You might want to provide your users the option to login with an external identity provider or an external system that usually authenticates against an own Identity Provider want’s to offer their user base the option to federate to your system.

Federate to external identity providers

If you would to provide your users the option to login with any external identity provider you need to add an appropriate configuration to the system. Here you will find a few helpful how-to’s to do so:

How-To setup a federation with an external Identity Provider (IdP)

How-To setup SwissID as Identity Provider (IdP)

Act as a federation party

If an external system want’s your system to act as the external login provider, you have to to add the external systems Identity Provider (IdP) to your system. In this case, we treat that external party as an ordinary application with a client. You can simply add the target system, add the application and the client, and if a self-registration is needed, add the appropriate application configuration. Here are a few helpful how-to’s to do so:

How-To add an SSO application

How-To enable self-registration

Federation can be done using various Authentication Schemas, but keep in mind that in most cases it can be done by using OpenID Connect with the authentication flow.