Creating IdP Domains
IdP (Identity Provider) domains are SSO Components in EmpowerID that you can use to set the login options available to users accessing your portal from that domain (URL). For example, if you have one domain for internal users, another domain for customers and a third domain for partners, you can create an IdP domain for each of those domains, specifying the login options available to each. In this way, you might set up an IdP domain with Windows auth and EmpowerID forms auth options for your internal users, an IdP domain for partners with EmpowerID forms auth only, and an IdP domain for customers with one or more social media login options. As long as the URL you specify for an IdP domain is fully resolvable, you can configure it with as many or as few login options as needed by your login policies.
Login options set on IP Address Ranges take precedence over login options set on IdP Domains. For example, if you create an IP Address Range for internal users and configure it to allow only Windows auth, and you also create an IdP Domain for your internal network with login options for Windows auth and EmpowerID forms auth, your internal users will not see the EmpowerID forms auth option.
To create an IdP Domain
- From the Navigation Sidebar, expand Admin > Applications and Directories > SSO Connections and click SSO Components.
- Click the IdP Domains tab and then click the Add IdP Domain (+) button.
- From the General tab of the IdP Domain Details form that appears, type the fully qualified domain name in the Domain Name field and a description for the domain in the Description field.
- Optionally, click the Identity Provider type tabs and select each Identity Provider that you want to appear to users as a login option for the IdP domain. Identity Provider type tabs include the following:
  - SAML Identity Providers - SAML identity providers are services that support SAML transactions for identity proofing and SSO. Examples include Windows authentication, the EmpowerID IdP (EmpowerID forms auth) and Smart Card authentication.
  - WS-Fed Identity Providers - WS-Fed identity providers are services that support the use of WS-Security tokens for identity proofing and SSO. A popular example is Office 365.
  - OAUTH Identity Providers - OAuth identity providers are services that support the OAuth protocol for identity proofing. Popular examples include social media logins like Facebook, Twitter and LinkedIn.
- When ready, click Save to create the IdP domain.