Latest update: 7.1.6
Social Registration
IDM provides a standards-based solution for social authentication requirements, based on the OAuth 2.0 and OpenID Connect 1.0 standards. They are similar, as OpenID Connect 1.0 is an authentication layer built on OAuth 2.0.
This chapter describes how to configure IDM to register and authenticate users with multiple social identity providers.
To configure different social identity providers, you'll take the same general steps:
- Set up the provider. You'll need information such as a Client ID and Client Secret to set up an interface with IDM.
- Configure the provider on IDM.
- Set up User Registration. Activate Social Registration in the applicable Admin UI screen or configuration file.
- After configuration is complete, test the result. For a common basic procedure, see "Test Social Identity Providers".
You can configure how IDM handles authentication using social identity providers by opening the Admin UI and selecting Configure > Authentication > Modules > Social Providers. The Social Providers authentication module is enabled by default. For more information, see "Configure the Social Providers Authentication Module".
To understand how data is transmitted between IDM and a social identity provider, read "OpenID Connect Authorization Code Flow".
Note
For all social identity providers, set up a FQDN for IDM, along with information in a DNS server, or system hosts files. For test purposes, FQDNs that comply with RFC 2606, such as localhost and openidm.example.com, are acceptable.
When you've configured one or more social identity providers, you can activate the Social Registration option in User Registration. This action adds:
- The following setting to the selfservice-registration.json configuration file:
- The following configuration file: selfservice-socialUserClaim.json, discussed in "Account Claiming: Links Between Accounts and Social Identity Providers".
Under the Social tab, you'll see a list of property mappings as defined in the selfservice.propertymap.json file. One or more source properties in this file take information from a social identity provider. When a user registers with their social identity account, that information is reconciled to the matching target property for IDM. For example, the email property from a social identity provider is normally reconciled to the IDM managed user mail property.
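The source-to-target mapping described above, as an added illustration that is not IDM's own code: the sketch applies a constructed property map to a constructed social profile, copies only mapped properties, and reports what the provider left out or sent without a mapping. The top-level properties key, every sample entry other than email to mail, and the function name map_social_profile are assumptions.

```python
import json

# Constructed sample in the source/target shape described above. The
# top-level "properties" key and every entry except email -> mail are
# assumptions, not copied from an IDM installation.
PROPERTYMAP = json.loads("""
{
  "properties": [
    {"source": "givenName",  "target": "givenName"},
    {"source": "familyName", "target": "sn"},
    {"source": "email",      "target": "mail"},
    {"source": "username",   "target": "userName"}
  ]
}
""")

# Constructed profile as a social identity provider might return it.
SOCIAL_PROFILE = {
    "givenName": "Babs",
    "familyName": "Jensen",
    "email": "bjensen@example.com",
    "locale": "en-US",  # no mapping entry: must not reach the managed user
    "picture": "https://idp.example.com/p/1.png",
}


def map_social_profile(profile, propertymap):
    """Copy only mapped source properties to their target names.

    Returns (user, missing, unmapped): the managed-user fields, the mapped
    sources the provider did not supply, and provider claims with no mapping.
    """
    user, missing, mapped = {}, [], set()
    for entry in propertymap["properties"]:
        source, target = entry["source"], entry["target"]
        mapped.add(source)
        value = profile.get(source)
        if value in (None, ""):
            missing.append(source)  # not supplied by the provider
            continue
        user[target] = value
    unmapped = sorted(set(profile) - mapped)
    return user, missing, unmapped


if __name__ == "__main__":
    user, missing, unmapped = map_social_profile(SOCIAL_PROFILE, PROPERTYMAP)
    print(json.dumps({"user": user, "missing": missing, "unmapped": unmapped}, indent=2))
```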