
Control login flow

SecureAuth lets administrators define and customize login flows based on user identifiers, security policies, and authentication requirements. It routes authentication requests dynamically, helping organizations enforce adaptive security, streamline access, and improve the login experience.

External IDP Login

The SecureAuth login page lets you log in with the IDPs that are active for a particular workspace or developer portal. They are displayed only if you have at least one external IDP connected and activated for that workspace or developer portal.

To use an IDP hint on your login page, you need to enable the IDP on the Identities page in your workspace. To learn how to configure your IDP hints and check that the setup works, follow the video guide or the step-by-step directions below.

IDP-hints video guide

Remember the IDP

The SecureAuth login page lets you select an IDP to use by default when logging in. With the Remember my Identity Provider toggle switch at the bottom of the login page, you can pick the IDP to log in with next time. To make an IDP the default for future logins, select the Remember my Identity Provider toggle and log in with the desired IDP.

You can drop your remembered IDP at any time and pick any other IDP from among your active identities by selecting Select a different account on the login page.

Step-by-step

  1. From the workspace/portal sidebar, select Authentication > Providers.

  2. From the Providers list, turn on the Active toggle for each IDP that you want to enable.

  3. Try to log in to a demo application within the configured workspace. You should now have the option to log in with the configured IDP.

Identifier-based discovery

With Identifier-based discovery, users provide their identifier first during user authentication. Depending on the user's input, a list of recommended authentication providers is presented.

Identifier-based discovery is only available for users stored in SecureAuth or Identity Providers configured for user provisioning.

Note

You can set up a fallback provider in case the discovery does not locate a matching identity provider. We recommend setting at least one fallback provider.

Enable Identifier-based IDP Discovery

To enable identifier-based IDP discovery in SecureAuth, follow these steps:

  1. In the admin panel of your workspace, go to Authentication > Providers.

  2. Select the Discovery tab.

  3. Click Intelligent Discovery.

  4. Click the three-dot icon next to an Identity Provider and select Edit.

  5. Set the following:

    Email domain based discovery: Enter the email domains associated with this IdP.

    User Record Lookup: Select the check box to match identifiers with organization users.

    Instant Redirect: Select the check box to automatically send users to the correct IdP when only one match is found.

    Fallback Provider: Set a backup provider in case no matching IdP is detected.

  6. Click Save to apply the changes.

    Now, when users enter their identifier on the login screen, SecureAuth directs them to the matching authentication provider.
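The following is an added illustration, not SecureAuth code or its actual algorithm: a small Python model of how the four settings above combine into a routing decision, useful for reasoning about a configuration before rolling it out. The provider names, domains, the `discover` function, exact (non-suffix) domain matching, and a single workspace-level fallback are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class IdP:
    name: str
    domains: set = field(default_factory=set)  # "Email domain based discovery"
    users: set = field(default_factory=set)    # identifiers this IdP's user store knows
    record_lookup: bool = False                # "User Record Lookup"
    instant_redirect: bool = False             # "Instant Redirect"

def discover(identifier, idps, fallback=None):
    """Return (action, [provider names]) for the identifier a user typed."""
    ident = identifier.strip().lower()
    # Assumption: the domain is the part after the last "@" and must match
    # exactly, so "x@example.com.other.test" does not match "example.com".
    domain = ident.rsplit("@", 1)[1] if "@" in ident else None
    matches = [p for p in idps
               if (domain and domain in p.domains)
               or (p.record_lookup and ident in p.users)]
    # Instant redirect applies only when exactly one provider matched.
    if len(matches) == 1 and matches[0].instant_redirect:
        return ("redirect", [matches[0].name])
    if matches:
        return ("choose", [p.name for p in matches])
    # No match: use the fallback provider if one is configured.
    if fallback is not None:
        return ("fallback", [fallback])
    return ("no_provider", [])

# Constructed sample configuration (names and domains are made up).
IDPS = [
    IdP("corp-oidc", domains={"example.com", "shared.test"}, instant_redirect=True),
    IdP("partner-saml", domains={"partner.test", "shared.test"}),
    IdP("local-pool", users={"alice"}, record_lookup=True, instant_redirect=True),
]

if __name__ == "__main__":
    for who in ("Bob@Example.com", "eve@shared.test", "alice", "nobody"):
        print(who, "->", discover(who, IDPS, fallback="local-pool"))
```

In this model, an identifier that matches nothing and has no fallback configured ends in `no_provider`, which is the case the fallback recommendation above is meant to prevent.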

Limit Available Identity Sources For Authentication

With SecureAuth Extensions, you can also limit available Identity Sources for the users to authenticate with.