Configure Identity Provider Login Options

The EmpowerID SSO framework allows you to configure identity provider (IdP) SSO connections for third-party identity provider applications that support the use of OAuth 2, SAML and WS-Fed for identity transactions. In this way, you can offer users the ability to authenticate to EmpowerID using the credentials from any such third-party application with which you establish a trust relationship.

After federating EmpowerID with one or more identity providers, you can configure EmpowerID to direct users to an external identity provider when they land on your portal's page, or to give them multiple login options.

This article demonstrates how you can configure EmpowerID to meet the requirements of various identity provider login scenarios. It assumes you have federated EmpowerID with one or more third-party identity providers and that you have registered one or more IdP domains.

By default, if no identity providers are selected for a domain, users will need to authenticate using their EmpowerID credentials.

Direct users to a single external Identity Provider

You can directly send users to any external identity provider that you have federated with EmpowerID by adding that identity provider as the sole login option for one or more IdP domain(s).

  1. On the navbar, expand Apps and Authentication > SSO Connections and click SSO Components.

  2. Locate the IdP domain for which you want to direct users to an external identity provider and click the IdP Domains link for the domain.

     

  3. Select the tab with the appropriate identity provider type for the identity provider. In this example, the tab is External OAuth Providers.

     

  4. Select the identity provider to which you want to direct your users for authentication. Be sure to select just that one.

     

  5. Click Save.

Test using a single identity provider

  1. Direct your browser to the domain configured with the single identity provider.

    You should see the login page for the identity provider (in this case, Box).

  2. Enter your credentials for the identity provider.

  3. You should be authenticated and redirected back to EmpowerID as a logged-in user.

 

Give users more than one login option

You can configure EmpowerID to give users multiple login options, including their EmpowerID credentials and a combination of one or more third-party identity providers.

  1. On the navbar, expand Apps and Authentication > SSO Connections and click SSO Components.

  2. Locate the IdP domain for which you want to give users multiple login options and click the IdP Domains link for the domain.

  3. Select each tab for the related identity provider type(s) that you want to give users the ability to authenticate with and choose the appropriate identity providers.

Be sure to select EmpowerID from the list of SAML Identity Providers if you are picking multiple identity providers and you want logging in with EmpowerID credentials to be an option.

 

Test using multiple identity providers

  1. Direct your browser to the domain configured with multiple identity providers.

    You should see a login option for each identity provider you selected for the domain.

  2. Select an identity provider and provide your credentials. You should be authenticated to EmpowerID.
