Activate an Account Provider
By default no Account Providers are active when a Tenant is created. Activating an Account Provider is simple and involves only a couple of steps.
Some configuration parameters depend on the type of Account Provider.
Note
For specific configuration parameters of an Account Provider type see the Related section
- Navigate to the Account Providers Admin Page (https://www.theidentityhub.com/{tenant}/Admin/AccountProvider) of your Tenant and click on Add. If you don't have a Tenant yet, you can register one for free.
- Click one of the available Account Providers to connect to.
- Depending on your choice you will have to supply one or more configuration parameters.
- Click Save. You will navigate to the list of Account Providers where the activated Account Provider will be listed.
Common configuration parameters for all Account Providers types
| Parameter | Description |
|---|---|
| Name | The display name for this Account Provider to show on the sign in page. For some Account Providers this is fixed and/or a default image is always shown. This is the case for most social identity providers. |
| Redirect Url | Most identity providers (protocols) require a URL to return to after the user signed in. For The Identity Hub this is always https://www.theidentityhub.com/{tenant}/authenticate/processaccountproviderresponse and cannot be changed. |
| Logo | The logo is displayed on the sign in page. Configuration is only available on account providers that support custom logos. The following options are available: - URL(*): URL to an image that can be used as a logo of the account provider. - Upload: Upload an image that can be used as a logo of the account provider. The file size must be less than 50kB. |
| Can be used to sign in | Whether or not a user can use this Account Provider to sign in. If not, the Account Provider option will not be displayed on the sign-in page. |
| Can be used to link with | Whether or not a user can link an existing account to the account he has on this Account Provider. |
| User can edit profile | Whether or not a user can update their profile in The Identity Hub when it is linked to an account on this Account Provider. (False for SAMLP, WSFed, O365; otherwise defaulted to true) |
| Inquire for existing account on first logon | When a user signs in the first time with this Account Provider The Identity Hub will inquire if the user has another existing account. If so the user will be able to link the two accounts. |
| Have to accept the terms when inquiring to link an account of this Account Provider to an existing account | Whether or not a user has to accept the terms when inquired to link his account of this Account Provider to an existing account. |
| Terms that have to be accepted when inquiring to link an account of this Account Provider to an existing account | The terms displayed to the user when inquired to link his account of this Account Provider to an existing account. |
| Master Account Providers | When one or more Master Account Providers are selected, a user authenticating with this Account Provider has to link at least one Master Account Provider before continuing. |
| Have to accept the terms when linking an account of this Account Provider to a Master Account Provider | Whether or not a user has to accept the terms when linking his account of this Account Provider to a Master Account Provider. |
| Terms that have to be accepted when linking an account of this Account Provider to a Master Account Provider | The terms displayed to the user when linking his account of this Account Provider to a Master Account Provider. |
| Authentication strength | Arbitrary indication of authentication strength. This value will be available for Apps. Possible values are: - None (0) - Very Low (1) - Low (2) - Medium (3) - High (4) - Very High (5) |
| Performs two factor authentication | Whether or not the external identity provider performs 2FA. If so The Identity Hub will not itself require 2FA during the sign in process. For some identity provider detection of performed 2FA can be automatic. This will be specified on the detailed documentation page of the Account Provider type. |
| Additional information | Free additional information that can be used at the administrators discretion |
| Direct Link | Available after activation. Use this link to redirect users to the Account Provider during sign in without having to select an Account Provider on the sign in view. |
| Custom logon result URL's* | When the authentication using the Account Provider fails a user can be redirected to a custom URL depending on the specific outcome: - Access denied: The responding provider has chosen not to authenticate the user. - Failed: The responding provider was unable to successfully authenticate the user. - An error occurred: Another error occurred during the authentication process Example URL: https://www.myaccessdeniedurl.com To include error message use {0} in the URL: https://www.myaccessdeniedurl.com/message={0}. The message will be base64 url encoded * For the moment the message will only be available for SAMLP Account Providers * Custom logon result URL's are not available for smart card Account Providers. |
(*) Configuring a corporate logo for the account provider tile
Some generic Account Providers like SAML-P, WSFed, O365, OpenID Connect allow the administrator to set the image which is displayed on the account provider tile.
This can be either an external link or an uploaded image.
However, as of TIH 1.70, for on premises installations a system setting can be applied that will not allow external links and only allows images to be uploaded.
This system setting is not applied by default. When applied, it will result in a more stringent CSP header. This may result in broken images in case urls to external sites are still configured on the already existing account providers.
Related
Amazon Account Provider
Built-in Username and Password Account Provider
Custom Account Providers
Facebook Account Provider
GitHub Account Provider
Google Account Provider
Instagram Account Provider
LinkedIn Account Provider
Microsoft Account Provider
myID.be Account Provider
Office 365 Account Provider
OpenID Connect Account Provider
PayPal Account Provider
SAML-P Account Provider
StackExchange Account Provider
Twitter Account Provider
WS-Federation Account Provider