Product Q&As
ForgeRock Identity Cloud
Integrations

Does Identity Cloud support social authentication?

Last updated Mar 3, 2022

Yes. Social authentication in ForgeRock Identity Cloud lets your users log in once with their preferred social media account, then gain access to all their applications and services. ForgeRock makes this easy by providing pre-configured social identity integrations that can be included in your user journeys.


Overview

Users often prefer to authenticate using their social media accounts since it reduces the number of passwords they need to remember and allows them to sign in quickly if they're already logged in to a social media account.  

With social authentication, a user logging into an application or website protected by Identity Cloud selects the desired social identity provider, such as Facebook® or Yahoo®. Once the social provider has verified the user’s identity, the user is logged into your application or website. A user logging in for the first time will be registered in Identity Cloud. If Identity Cloud is configured to require certain credentials not present in the user's social media account, the user may be asked to provide some additional details during registration.

The use of social media for authentication and self-registration is a common and easy way to reduce the amount of information that needs to be manually entered by a user, and can dramatically reduce the drop out rate often associated with sites that request pages of customer details.

Note

Social authentication is quick and convenient for the user. However, it may be insufficient for protecting sensitive information or any form of transaction or payment. ForgeRock journeys allow you to combine social authentication with a wide range of stronger forms of authentication, such as push notification, one-time passcode and biometrics.

What social identity providers are supported in Identity Cloud?

Identity Cloud provides pre-configured integrations for the following social providers:

  • Amazon
  • Apple
  • Facebook
  • Google
  • Itsme
  • LinkedIn
  • Microsoft
  • Salesforce
  • Twitter
  • Vkontakte
  • WeChat
  • WordPress
  • Yahoo

However, in addition to these, any custom social identity providers can be set up, as long as they are compliant with the OAuth 2.0 authorization framework or OIDC standards.

A single user can be linked with multiple social identity logins. If they return using another social identity provider, the same user profile is used, and potentially updated or enriched with additional details. This is essential in maintaining a clean and accurate user data store without duplicate accounts for the same user.

Identity Cloud provides a dashboard where users can choose the social identity providers they want to use for login.

Note

Instagram now uses the Instagram Basic Display API, which is not an authentication solution. Instagram recommends using Facebook Login instead.

Adding social authentication to your user journey

The social identity provider works as an authentication or registration step that can be easily added to your user journeys in Identity Cloud. Simply add the Social Provider Handler node to your login or registration journey and configure the journey to meet your specific needs. 

The journey will include all your configured and enabled social identity providers, so you won't need to create different journeys for different providers.

See How do I create end user journeys for social registration and login in Identity Cloud? for further information on how to create journeys for social authentication.

Managing consents

Each social identity provider is configured independently. As part of the identity provider configuration, the appropriate scopes pertaining to the provider are specified. These scopes represent the information that will be shared by the identity provider with ForgeRock when the user provides the consent. The identity provider is then in control of ensuring that the requisite consent has been sought from the user prior to providing the information. 

See Also

Amazon SSO integration with Identity Cloud for social authentication/registration

Facebook SSO integration with Identity Cloud for social authentication/registration

Google SSO integration with Identity Cloud for social authentication/registration

LinkedIn SSO integration with Identity Cloud for social authentication/registration

Salesforce SSO integration with Identity Cloud for social authentication/registration

WordPress SSO integration with Identity Cloud for social authentication/registration

Yahoo SSO integration with Identity Cloud for social authentication/registration

How do I create end user journeys for social registration and login in Identity Cloud?

Single Sign-On Integrations for Identity Cloud

Social Authentication


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.