Authenticate with a browser
When you authenticate to Identity Cloud using a browser, you can specify the realm and the authentication parameters in the URL, to customize the user’s authentication experience.
Specify the realm in the URL
Specify the realm as the value of the realm parameter in the URL. Preface the realm name with a forward slash (/); for example:
https://<tenant-env-fqdn>/am/login/?realm=/alpha
Authentication parameters
AM accepts the following parameters in the URL query string.
- arg=newsession
-
Request that AM end the user’s current session and start a new session.
- ForceAuth
-
If
ForceAuth=true, request that AM force the user to authenticate even if they already have a valid session.On successful authentication, AM issues new session tokens to reauthenticating users, even if the current session already meets the security requirements.
- goto
-
On successful authentication, or successful logout, request that AM redirect the user to the specified location. Values must be URL-encoded.
For details, refer to Success and failure redirection URLs.
- gotoOnFail
-
On authentication failure, request that AM redirect the user to the specified location. Values must be URL-encoded.
For details, refer to Success and failure redirection URLs.
- locale
-
Request that AM display the user interface in the specified, supported locale. The locale can also be set in the user’s profile, in the HTTP header from their browser, or configured in AM.
- realm
-
Request that AM authenticate the user to the specified realm.
- resource
-
Set this parameter to
trueto request resource-based authentication. - service
-
Request that AM authenticate the user with the specified authentication journey.
Example UI login URLs
Use any of the options listed in Authentication parameters as URL parameters.
Note that URL parameters must appear before any occurrences of the pound or hash character (#).
The following are example URLs with parameters:
| Description | Example URL |
|---|---|
Log in to the |
|
Log in to the |
|