Introduction
An external identity provider can be used to authenticate users with a federated party such as another Identity Provider or a Social Login. Once you have configured the external identity provider, you can add it to the Level of Authentication configuration.
Properties
Whenever you are creating or updating an external identity provider, you have to specify the following properties:
Property | Data Type | Mandatory | Example | Description |
---|---|---|---|---|
| String | | | The name of the external provider |
Description | String | | Enables user to login with their Google accounts | Description of the external provider |
Description name key | Translation Key | | Customer.ExternalIdentityProvider.Google.Description | A translation key to translate the description in different languages |
Display name | String | | | Used to display the external identity provider to users |
Display name key | String | | Customer.ExternalIdentityProvider.Google.Displayname | A translation key to translate the display name in different languages |
Icon | Drop Down | | | Choose any of the available logos |
State | Drop Down | | Active | Usually active or inactive |
Option type | Drop Down | | GoogleOAuthProviderOptions | Depending on the external provider's technology: They all represent the ASP.NET Core connection options. For further details see the appropriate documentation, such as https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.openidconnect.openidconnectoptions?view=aspnetcore-6.0 |
Configuration | String | | { "clientId": "9920356573-3ksmjore7esuiq7p17dh06vpm4a.apps.googleusercontent.com", "clientSecret": "xxaeraaF8adsljfkclajf" } | A simple example for the |
Authentication scheme | String | | | This name will be used in the callback URL, i.e. https://idp.coreone.ch/callback/google |
Trusted address | String | | | Those addresses will be added to the Content Security Policy in order to allow a form submit to and from those pages. |
Automatically link user account | Boolean | | | When a user can be merged with an existing user, this boolean indicates whether or not the user should be asked to do so. |
Attribute Mapping
In the attribute mapping you can define mapping rules to map an external identity provider's claim to a CoreOne Suite Attribute of the appropriate Core Identity. For example, you can map the claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname provided by Google to the CoreOne Suite Attribute First name.
You also have the option to define a default value in case the value was not provided, and you can set the synchronize flag to true so that those values are updated each time a user logs in.
Claim Mapping
When you do not want to store the claims provided by the external identity provider in the CoreOne Suite Meta Directory but you would like to include the claims in the token, you can configure a simple claim mapping. For example, you can map the external claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname to the claim given_name.
Starting from version 8.0: When configuring a mapping, you can also specify whether this mapping can be used to identify a user uniquely in an auto merge process by setting the can identify a user flag.
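The mapping options described under Attribute Mapping and Claim Mapping, modelled in Python as an added example; this is not CoreOne Suite code. The precedence between default value, synchronize flag and stored value, the refusal of ambiguous merges, and the names E-mail, Language and locale are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

@dataclass(frozen=True)
class MappingRule:
    claim_type: str                  # claim sent by the external provider
    attribute: str                   # target attribute on the identity
    default: Optional[str] = None    # used when the claim is not provided
    synchronize: bool = False        # refresh the attribute on every login
    can_identify_user: bool = False  # usable as a unique key for auto merge

# Constructed sample rules; "E-mail", "Language" and "locale" are hypothetical names.
RULES = [
    MappingRule(NS + "givenname", "First name", synchronize=True),
    MappingRule(NS + "emailaddress", "E-mail", can_identify_user=True),
    MappingRule("locale", "Language", default="en"),
]

def apply_rules(rules, claims, stored):
    """Return the identity's attributes after one login (stored is not modified)."""
    result = dict(stored)
    for rule in rules:
        value = claims.get(rule.claim_type)
        if value is None:
            # Assumption: a default only fills an attribute that has no value yet.
            if rule.default is not None:
                result.setdefault(rule.attribute, rule.default)
        elif rule.synchronize or rule.attribute not in result:
            result[rule.attribute] = value
    return result

def find_merge_candidate(rules, claims, directory):
    """Return the id of the single identity matched by identifying claims, else None."""
    matches = set()
    for rule in rules:
        value = claims.get(rule.claim_type)
        # Only flagged mappings with a provided value count; defaults never identify.
        if rule.can_identify_user and value:
            matches |= {uid for uid, attrs in directory.items()
                        if attrs.get(rule.attribute) == value}
    # Zero or several matches are ambiguous: do not merge automatically.
    return matches.pop() if len(matches) == 1 else None
```

In this model a mapping without the can identify a user flag, such as the given name, never selects a merge target, and two existing identities sharing the same identifying value block the merge.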