External IDP Login
The Cloudentity login page lets you log in with the IDPs that are active for a particular workspace or developer portal. They are displayed only if at least one external IDP is connected and activated for that workspace or developer portal.
To use an IDP hint on your login page, you need to enable the IDP on the Identities page in your workspace. To learn how to configure your IDP hints and check that the setup works, see the video or steps 1-3.
IDP-hints Video Guide
Remember the IDP
The Cloudentity login page allows you to select an IDP to be used by default when logging in. With the Remember my Identity Provider toggle switch available at the bottom of the login page, you can pick the IDP to log in with next time. To make an IDP the default for future logins, select the Remember my Identity Provider toggle and log in with the desired IDP.
You can drop your remembered IDP at any time and pick any other IDP from among your active identities by selecting Select a different account on the login page.
Step-by-step
- From the workspace/portal sidebar, select Identity Data > Identity Providers.
- From the Identities list, select Active toggles for all the IDPs that you want to enable.
- Try to log in to a demo application within the configured workspace. You should now have the option to log in with the configured IDP.
IDP Discovery
IDP discovery is a Cloudentity feature aimed at improving the user experience of the login process. It allows you to configure a set of email domains for an IDP. Based on that list, the user is offered a suggested IDP and optionally redirected to the appropriate authentication endpoint.
An IDP with no email domain assigned is available to every user trying to log in to the application. Such an IDP always appears among the suggested IDPs.
A given email domain can be configured for only one identity provider. If a user tries to add a domain that is already defined for a different IDP, a conflict message is displayed stating which IDP the domain is already defined for.
Static IDPs
For static (sandbox) IDPs it is impossible to enable instant redirect. Additionally, for the IDP discovery to work, the username must contain an email domain.
Enable IDP Discovery
To enable IDP discovery for your IDPs:
- Go to Admin Portal > Identities.
- Select either Standard Sign in (that allows the users to sign in with any active IDP connections) or Identity Provider (IDP) Discovery.
- To enable IDP discovery for a given IDP, go to its settings and select
Configure Domains
Once IDP discovery is enabled, you can configure a set of domains for a given IDP connection.
Provide a set of email domains in your IDP settings: Admin Panel > Identities > Your IDP > Configuration.
Example
You can see that the IDP from the screenshot has two email domains added: example.com and cloudentity.com. Instant redirect is enabled. Once the user tries to log in using either of the domains, they are instantly redirected to the login page of this IDP.
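The discovery rules described in the IDP Discovery section and the example above can be modelled as follows. This is an added illustration, not Cloudentity code: the `Idp` class, the `add_domain` and `discover` functions, the IDP names and the `sandbox.test` domain are all hypothetical, and the handling of a username without an email domain (only IDPs with no assigned domain are suggested) is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Idp:
    name: str
    domains: set = field(default_factory=set)  # empty set: offered to every user
    instant_redirect: bool = False
    static: bool = False                       # static (sandbox) IDP

class DomainConflict(Exception):
    """Raised when a domain is already assigned to a different IDP."""

def add_domain(idps, idp_name, domain):
    """Assign an email domain to one IDP; each domain may belong to only one."""
    domain = domain.strip().lower()
    for idp in idps:
        if idp.name != idp_name and domain in idp.domains:
            raise DomainConflict(f"{domain} is already defined for {idp.name}")
    next(i for i in idps if i.name == idp_name).domains.add(domain)

def discover(idps, username):
    """Return (suggested IDP names, IDP to redirect to instantly or None)."""
    # The username is untrusted input: the domain only selects where to send
    # the user, the chosen IDP still has to authenticate them.
    _, at, domain = username.strip().lower().rpartition("@")
    matched = [i for i in idps if at and domain in i.domains]
    open_to_all = [i for i in idps if not i.domains]
    # Assumption: a static IDP never redirects, even if the flag is set.
    redirect = next((i.name for i in matched
                     if i.instant_redirect and not i.static), None)
    return [i.name for i in matched + open_to_all], redirect

# Constructed sample configuration (IDP names are hypothetical).
IDPS = [
    Idp("corp-sso", {"example.com", "cloudentity.com"}, instant_redirect=True),
    Idp("sandbox", {"sandbox.test"}, instant_redirect=True, static=True),
    Idp("social"),
]

if __name__ == "__main__":
    for user in ("alice@example.com", "bob@sandbox.test", "carol"):
        print(user, "->", discover(IDPS, user))
```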
Limit Available Identity Sources For Authentication
With Cloudentity Extensions, you can also limit available Identity Sources for the users to authenticate with.