With social authentication, a user logging into an application or website protected by ForgeRock selects the desired social identity provider, such as Facebook or Yahoo. Once the social provider has verified the user’s identity, the user is logged into your application or website. A user logging in for the first time will be registered in ForgeRock. If ForgeRock is configured to require certain credentials not present in the user's social media account, the user may be asked to provide some additional details during registration.
Using social media for authentication and self-registration is a common and easy way to reduce the amount of information a user has to enter manually, and it can dramatically reduce the drop-out rate often associated with sites that request pages of customer details.
Social authentication is quick and convenient for the user. However, it may be insufficient for protecting sensitive information or any form of transaction or payment. ForgeRock journeys allow you to combine social authentication with a wide range of stronger forms of authentication, such as push notification, one-time passcode and biometrics.
ForgeRock provides pre-configured integrations for the following social providers:
In addition to these, any custom social identity provider can be set up, as long as it is compliant with the OAuth 2.0 authorization framework or OIDC standards.
A single user can be linked with multiple social identity logins. If they return using another social identity provider, the same user profile is used, and potentially updated or enriched with additional details. This is essential in maintaining a clean and accurate user data store without duplicate accounts for the same user.
ForgeRock provides a dashboard where users can choose the social identity providers they want to use for login.
The social identity provider works as an authentication or registration step that can be easily added to your Intelligent Access user journeys. Simply add the Social Provider Handler node to your login or registration journey and configure the journey to meet your specific needs.
The journey will include all your configured and enabled social identity providers, so you won't need to create different journeys for different providers.
See How do I create end user journeys for social registration and login in Identity Cloud? and Configure basic social registration trees (AM) for further information on how to create journeys for social authentication.
Each social identity provider is configured independently. As part of the identity provider configuration, the appropriate scopes pertaining to the provider are specified. These scopes represent the information that the identity provider will share with ForgeRock once the user provides consent. The identity provider is then in control of ensuring that the requisite consent has been sought from the user prior to providing the information.