Use Cloudentity for User Authentication

Use Cloudentity built-in identity pools for user authentication and storage

Cloudentity Identity Pools as Authentication Providers

Identity Pools are used to store users and user populations within Cloudentity. Identity Pools can be used for user authentication.

To enable a user population to log in to integrated applications, the Identity Pool needs to be set up as an identity provider.

Prerequisites

At least one Identity Pool must be created in your tenant. Create the Identity Pool and add users if you haven’t done so already.

Connect Identity Pool IDP

Basic Configuration

  1. In your workspace, go to Authentication » Providers > Create Connection.

  2. Under Cloudentity Providers, select Identity Pool > Next.

  3. From Available pools, select a user pool to be associated with this Identity Provider. Enter the Identity Provider Name that is shown to users who try to log in with this IDP, and select Create.

    Result

    Your new IDP connection is created and the configuration page opens for advanced configuration. Users can now authenticate with this Identity Pool Provider.

  4. You can now configure the advanced settings for this IDP.

Configure Advanced Settings

Advanced settings contain optional features which may be necessary to use in specific cases.

  1. Go to Authentication » Providers » YOUR_IDP > Configuration page.

  2. Optionally, enable Authentication context caching.

    Tip

    You can enable the authentication context caching if you want Cloudentity to store the user’s authentication data. If you do, specify the cache Time To Live as well. Learn more by reading Stateful authorization with Cloudentity.

  3. Go to Advanced settings.

    | Property | Description |
    |---|---|
    | Authentication Method Reference | Authentication method to be written into the amr object returned by the IDP. The amr object is created if it doesn’t exist. If it exists, its values are replaced with the items selected in this field. |
    | Reload Claims at Refresh Token | Refresh access token claims when issuing an access token based on a refresh token. |

  4. Select Save.

Configure Attributes and Mapping

For the Identity Pool IDP, keep the predefined configuration for attributes and mapping if you used the predefined schema for the pool. If you applied a custom schema to the identity pool, make sure the new schema attributes are mapped correctly so that they are made available to the Cloudentity authentication context on successful authentication.

Connect Extensions to your IDP

  1. Go to Authentication » Providers » YOUR_IDP » Extensions.

  2. Assign a Post Authentication script to the IDP. This script will be executed upon user authentication via this IDP.

  3. Connect your application to the IDP in the Post Authentication application field. Users will be redirected to this application upon authentication via this IDP.

    Feature flag

    Post Authentication applications must be explicitly enabled in your tenant using the custom_apps feature flag.

Test Identity Pool IDP

  1. Open the user portal (to get the URL, go to Applications » Clients » User portal and copy the Redirect URL).

  2. Select your configured IDP (if you only have one IDP configured, this IDP is used by default and selection is not necessary). You have the following features at your disposal:

    • If you already have an active account, you can authenticate with your credentials, OTP or Passkey (depending on which method is configured for the underlying Identity Pool).

    • You can register a new account if public registration is allowed by the underlying Identity Pool. You will be asked to provide data in accordance with the Payload Schema assigned to the Identity Pool.

    • You can send OTPs or reset your password.

If you want to add users as an administrator, check the Configuring Identity Pools documentation, as this is done from the Identity Pool level.

Updated: Nov 2, 2023