
How do I create end-user journeys for social registration and login in Identity Cloud?

Last updated Aug 17, 2021

The purpose of this article is to provide information on creating end-user journeys for social registration and login in Identity Cloud. These journeys are required when you integrate Identity Cloud with a third-party social provider, such as Google®, using OpenID Connect (OIDC) or OAuth 2.0 for Single Sign-On (SSO).


Overview

This article describes how to create end-user journeys for social registration and login in Identity Cloud. These journeys will include all your enabled social identity providers, so you won't need to create different journeys for different providers.

Journeys in Identity Cloud are very customizable and can support many use cases. This article provides examples of simple journeys that you can create easily by modifying the journey templates provided with Identity Cloud. It includes the following examples:

Social registration journey (example)

With this example journey, users can choose to register to Identity Cloud either with a social identity provider or by entering their details locally. If the user chooses to register with a social identity provider, such as Google, Identity Cloud creates a user from the profile data returned by the social identity provider. If any of the attributes required by Identity Cloud are missing from this profile data, the user is prompted to add values for those attributes when completing the registration.

Creating the social registration journey

  1. In the Identity Cloud Admin UI, navigate to Journeys > Registration.
  2. Click Duplicate.
  3. Enter a unique name for your journey, select which identities will authenticate using this journey, (optionally) enter a journey description, and click Save.
  4. Add the Select Identity Provider node to the Page Node. This node prompts the user to select a social identity provider to register with, or (optionally) to register locally.
  5. Add the following nodes to your journey:
    • Social Provider Handler. This node authenticates the user with the selected social identity provider. Once authenticated, the node collects profile information from the social identity provider and transforms that profile information into the attributes required by Identity Cloud.
    • Required Attributes Present. This node checks the attributes required by the specified identity object in Identity Cloud and determines if all the required attributes exist within the shared state of the journey.
    • Attribute Collector. This node collects the values of attributes required to populate a new account if any of those attributes are missing from the profile information provided by the social identity provider. Add this node to a Page Node so that the user is prompted to complete the required information during registration.

The journey should look similar to this:

  6. Configure the nodes as follows:
    • Click the initial Page Node and configure the Page Header and Page Description as needed. For example, you may want the “Sign In” link to go to a Social Login Journey instead of the default Login Journey.
    • Click the Social Provider Handler node and select Normalized Profile to Managed User in the Transformation Script field. This script transforms the social identity provider's profile object into an appropriate object for Identity Cloud.
    • Click the Required Attributes Present node and check the Identity Resource is correct; this should match the identity object you selected in step 3. The default is managed/user but you may need to change this to managed/alpha_user, for example.
    • Click the Attribute Collector node that you added and add the attributes to collect. These should include all the required attributes for the identity object. You can check which attributes are required by navigating to Native Consoles > Identity Management > Configure > Managed Objects > [Managed Object Type] and reviewing the list of properties. See Attribute Collector Node for further information.
    • Click the Page Node that contains the Attribute Collector node and configure the Page Header and Page Description as needed. See Page Node for further information.
  7. Click Save to save the journey.
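
The data flow through the Social Provider Handler, Required Attributes Present and Attribute Collector nodes can be modelled in a few lines. This is an added illustration in plain JavaScript, not ForgeRock's transformation script or node code; the required-attribute list, the profile-to-attribute mapping and the sample profile are constructed assumptions, and the helper names are hypothetical.

```javascript
// Added illustration: models the registration journey's data flow.
// It is not the Normalized Profile to Managed User script or any node's code.

// Constructed sample: required properties of the identity object. In a real
// tenant, read these from the managed object's list of properties.
const REQUIRED = ["userName", "givenName", "sn", "mail"];

// Assumed mapping from normalized social profile keys to identity attributes.
const PROFILE_TO_MANAGED = {
  username: "userName",
  givenName: "givenName",
  familyName: "sn",
  email: "mail",
};

// Social Provider Handler step: transform the provider profile into attributes.
function toManagedUser(normalizedProfile) {
  const attrs = {};
  for (const [src, dst] of Object.entries(PROFILE_TO_MANAGED)) {
    const value = normalizedProfile[src];
    // Treat empty or whitespace-only strings the same as absent values.
    if (typeof value === "string" && value.trim() !== "") attrs[dst] = value.trim();
  }
  return attrs;
}

// Required Attributes Present step: list the required attributes still missing.
function missingRequired(attrs, required = REQUIRED) {
  return required.filter((name) => !(name in attrs));
}

// Attribute Collector configuration check: any attribute that can be missing
// but is not collected leaves the user unable to complete registration.
function uncollectable(missing, collectorAttrs) {
  return missing.filter((name) => !collectorAttrs.includes(name));
}

// Constructed profile from a provider that returned no family name.
const profile = {
  id: "constructed-123",
  givenName: "Sam",
  familyName: "",
  email: "sam@example.com",
  username: "sam@example.com",
};
const attrs = toManagedUser(profile);
const missing = missingRequired(attrs);
console.log("missing after social profile:", missing);
console.log("not collectable:", uncollectable(missing, ["givenName", "mail"]));
```

Running the same comparison against each enabled provider's typical profile shows which attributes the Attribute Collector must cover before the journey is saved.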

Testing the journey

Before testing the journey, ensure that your social identity providers are correctly configured and enabled. See Social Authentication for further information.

  1. In the Identity Cloud Admin UI, navigate to Journeys.
  2. Click the journey that you want to test.
  3. Copy the Preview URL.
  4. Paste the preview URL into a browser using Incognito or Private Browsing mode.

A registration screen is displayed, similar to this:

  5. Follow the registration steps to test your journey.

Social login journey (example)

With this example journey, existing users can choose to sign in to Identity Cloud using either a social identity provider or by entering credentials locally. 

Creating the social login journey

  1. In the Identity Cloud Admin UI, navigate to Journeys > Login.
  2. Click Duplicate.
  3. Enter a unique name for your journey, select which identities will authenticate using this journey, (optionally) enter a journey description, and click Save.
  4. Add the Select Identity Provider node to the Page Node. This node prompts the user to select a social identity provider to log in with, or (optionally) to log in using local credentials.
  5. Add the Social Provider Handler node. This node authenticates the user with the selected social identity provider.

The journey should look similar to this:

  6. Configure the nodes as follows:
    • Click the initial Page Node and configure the Page Header and Page Description as needed. For example, you may want the “Create an Account” link to go to a Social Registration Journey instead of the default Registration Journey.
    • Click the Social Provider Handler node and select Normalized Profile to Managed User in the Transformation Script field.
  7. Click Save to save the journey.

Testing the journey

Before testing the journey, ensure that your social identity providers are correctly configured and enabled. See Social Authentication for further information.

  1. In the Identity Cloud Admin UI, navigate to Journeys.
  2. Click the journey that you want to test.
  3. Copy the Preview URL.
  4. Paste the preview URL into a browser using Incognito or Private Browsing mode.

A login screen is displayed, similar to this: 

  5. Follow the registration steps to test your journey.

Social login and registration journey (example)

A more comprehensive social login user experience would allow new accounts to be registered during the social login journey. This can be achieved by combining a social login journey and social registration journey, or by adding an Inner Tree Evaluator node.

In this example journey, the user can log in to Identity Cloud using a social identity provider or local credentials and register using a social identity provider if they do not already have an account. 

Creating the social login and registration journey

Note

The following steps assume that you have already created the social login journey described in the previous section.

  1. In the Identity Cloud Admin UI, navigate to Journeys.
  2. Choose the social login journey.
  3. Click Duplicate.
  4. Enter a unique name for your journey, select which identities will authenticate using this journey, (optionally) enter a journey description, and click Save.
  5. Add the following nodes to your login journey; these are the nodes required to register new users:
    • Required Attributes Present. This node checks the attributes required by the specified identity object and determines if all the required attributes exist within the shared state of the journey.
    • Attribute Collector. This node collects the values of attributes required to populate a new account if any of those attributes are missing from the profile information provided by the social provider. Add this node to a Page Node so that the user is prompted to complete the required information during registration.
    • Create Object. This node creates a new object in Identity Cloud, based on information collected during user registration.
    • Increment Login Count. This node increments the successful login count property of a managed object after the object has been created.

The journey should look similar to this:

  6. Configure the nodes as follows:
    • Click the initial Page Node and configure the Page Header and Page Description as needed. For example, you may want to completely remove the Create an Account link.
    • Click the Required Attributes Present node and check the Identity Resource is correct; this should match the identity object you selected in step 4. The default is managed/user but you may need to change this to managed/alpha_user, for example.
    • Click the Create Object node and check the Identity Resource is correct; this should match the identity object you selected in step 4. The default is managed/user but you may need to change this to managed/alpha_user, for example.
    • Click the Attribute Collector node and add the attributes to collect. These should include all the required attributes for the identity object. You can check which attributes are required by navigating to Native Consoles > Identity Management > Configure > Managed Objects > [Managed Object Type] and reviewing the list of properties. See Attribute Collector Node for further information.
    • Click the Page Node that contains the Attribute Collector node and configure the Page Header and Page Description as needed. See Page Node for further information.
  7. Click Save to save the journey.

Testing the journey

Before testing the journey, ensure that your social identity providers are correctly configured and enabled. See Social Authentication for further information.

  1. In the Identity Cloud Admin UI, navigate to Journeys.
  2. Click the journey that you want to test.
  3. Copy the Preview URL.
  4. Paste the preview URL into a browser using Incognito or Private Browsing mode.

A login screen is displayed, similar to this:  

  5. Follow the registration steps to test your journey.

See Also

Google SSO integration with Identity Cloud for social authentication/registration

Salesforce SSO integration with Identity Cloud for social authentication/registration

FAQ: Journeys in Identity Cloud

ForgeRock Identity Cloud Docs

Authentication Nodes Configuration Reference

Configure Social Identity Providers


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.