IDM 7.2.0

Social registration scenarios

Social authentication is deprecated and will be removed in a future release of IDM. For more information, see Deprecation.

When users connect to IDM with a social identity provider, it could be the first time they’re connecting to your system. They could already have an regular IDM account. They could already have registered with a different social identity provider. This section describes what happens during the self-registration process. The process varies depending on whether there’s an existing account in the IDM managed user store.

The flow varies slightly if the user already exists in IDM.
Figure 1. The flow varies slightly if the user already exists in IDM.

The following list describes each item in the flow shown in the adjacent figure:

  1. From the IDM End User UI, the user selects the Register link

  2. The self-registration Interface returns a Register Your Account page at {hostname}/#/registration with a list of configured providers.

  3. The user then selects one configured social identity provider.

  4. IDM connects to the selected social identity provider.

  5. The social identity provider requests end user authentication.

  6. The end user authenticates with the social identity provider.

  7. The social identity provider prompts the user to accept sharing selected account information.

  8. The user accepts the conditions presented by the social identity provider.

  9. The social identity provider notifies IDM of the user registration request.

  10. IDM passes responsibility to the administrative interface.

  11. IDM uses the email address from the social identity provider, and compares it with email addresses of existing managed users.

  12. If the email address is found, IDM links the social identity information to that account (and skips to step 16).

  13. IDM returns to the self-registration (Self-Service) interface.

  14. The self-registration interface prompts the user for additional information, such as security questions, and reCAPTCHA, if configured per Google reCAPTCHA.

  15. The user responds appropriately.

  16. IDM creates a new managed user. If the user has already been created, IDM reviews data from the social identity provider, and updates the user data for the managed/provider to conform. In this case, the provider is a social identity provider such as Google.

  17. The user is redirected to the Success URL.

Copyright © 2010-2022 ForgeRock, all rights reserved.