Social registration
Social authentication is deprecated and will be removed in a future release of IDM. For more information, see Deprecation.
IDM provides a standards-based solution for social authentication requirements, based on the OAuth 2.0 and OpenID Connect 1.0 standards. They are similar, as OpenID Connect 1.0 is an authentication layer built on OAuth 2.0.
This chapter describes how to configure IDM to register and authenticate users with multiple social identity providers.
To configure different social identity providers, you’ll take the same general steps:
- Set up the provider. You’ll need information such as a Client ID and Client Secret to set up an interface with IDM.
- Configure the provider on IDM.
- Set up User Registration. Activate Social Registration in the applicable admin UI screen or configuration file.
- After configuration is complete, test the result. For a common basic procedure, see Test social identity providers.
To configure how IDM handles social identity provider authentication using the admin UI:
- From the navigation bar, click Configure > Authentication.
- On the Authentication page, click the Modules tab, and then click the edit button adjacent to Social Providers.
- In the Edit Social Providers Authentication Module window, you can enable/disable the authentication module, and change options, as necessary.
  The Social Providers authentication module is enabled by default. For more information, see Social providers authentication module.
- Click Save.
To understand how data is transmitted between IDM and a social identity provider, read OpenID connect authorization code flow.
For all social identity providers, set up a FQDN for IDM, along with information in a DNS server, or system
When you’ve configured one or more social identity providers, you can activate the Social Registration option in User Registration. This action adds:
- The following setting to the selfservice-registration.json configuration file:
  "socialRegistrationEnabled" : true,
- The selfservice-socialUserClaim.json configuration file, discussed in Account Claiming.
Under the Social tab, you’ll see a list of property mappings as defined in the selfservice.propertymap.json file.
One or more source properties in this file take information from a social identity provider. When a user registers with their social identity account, that information is reconciled to the matching target property for IDM. For example, the email property from a social identity provider is normally reconciled to the IDM managed user mail property.
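The mapping described above, as an added example (not code from the IDM documentation or product): a Python check over constructed copies of the two files that flags a disabled socialRegistrationEnabled setting, incomplete or colliding mappings, and a missing email to mail mapping, then applies the map to a constructed provider profile. The "properties" list of source/target pairs is an assumed file layout, and the function names and sample values are hypothetical.

```python
import json

# Constructed samples. The "properties" list of source/target pairs is an
# assumed layout for selfservice.propertymap.json; compare with your own files.
REGISTRATION = json.loads('{"socialRegistrationEnabled": true}')
PROPERTYMAP = json.loads("""
{"properties": [
  {"source": "givenName",  "target": "givenName"},
  {"source": "familyName", "target": "sn"},
  {"source": "email",      "target": "mail"}
]}
""")
# Constructed profile, shaped like the claims a social provider might return.
PROFILE = {"givenName": "Sam", "familyName": "Carter",
           "email": "sam@example.com", "locale": "en"}


def audit_property_map(registration, propertymap):
    """Return a list of findings for the two self-service config documents."""
    findings = []
    if registration.get("socialRegistrationEnabled") is not True:
        findings.append("socialRegistrationEnabled is not true")
    seen = {}  # target property -> source property that writes it
    for entry in propertymap.get("properties", []):
        source, target = entry.get("source"), entry.get("target")
        if not source or not target:
            findings.append(f"incomplete mapping: {entry}")
        elif target in seen:
            findings.append(f"{seen[target]} and {source} both write {target}")
        else:
            seen[target] = source
    if seen.get("mail") != "email":
        findings.append("provider email is not mapped to managed user mail")
    return findings


def map_profile(profile, propertymap):
    """Apply the map; return (managed user attributes, unmapped provider keys)."""
    pairs = {e["source"]: e["target"]
             for e in propertymap.get("properties", [])
             if e.get("source") and e.get("target")}
    user = {pairs[k]: v for k, v in profile.items() if k in pairs}
    dropped = sorted(k for k in profile if k not in pairs)
    return user, dropped


if __name__ == "__main__":
    print(audit_property_map(REGISTRATION, PROPERTYMAP))
    print(map_profile(PROFILE, PROPERTYMAP))
```

Provider attributes with no source entry, such as locale in the sample, are returned in the second value so you can see what the mapping discards.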