Set Up External Datastore Identity Source Provider for Authentication
Learn how to integrate SecureAuth with an external datastore IDP.
About Integration with External Datastore IDPs
SecureAuth lets you build a custom integration with an external datastore IDP. Such an integration enables you to bring your own user data or user credentials store and use the Resource Owner Password OAuth grant flow as the means to authenticate your users. SecureAuth can also extend the identity context of the user using the external sources of user data.
For the integration to work, your external datastore service must expose an /authenticate endpoint implemented according to the Swagger specification provided by SecureAuth. When a user tries to log in to the application, SecureAuth calls this endpoint and sends the provided credentials to authenticate the user.
Note
Exactly one external datastore IDP or static (sandbox) IDP can be enabled for a workspace at a time, although you can create more of them. Enabling one of these IDPs disables the one that was previously enabled.
Basic Access Authentication
SecureAuth integration with external datastores makes it possible to use Basic access authentication. It is a simple authentication scheme that is built into the HTTP protocol. To use it, provide your Basic Auth Username and Basic Auth Password, which SecureAuth Base64-encodes and uses when sending a request to your authentication endpoint.
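The following is an added example, not SecureAuth code: one way the external datastore service could verify the Basic credentials on incoming /authenticate requests before processing them. The function names and credential values are hypothetical, and the request body defined by the Swagger specification is not covered.

```python
import base64
import binascii
import hmac

# Constructed sample values; a real service loads these from a secret store
# and uses the values entered as Basic Auth Username / Basic Auth Password.
EXPECTED_USER = "secureauth-connector"
EXPECTED_PASSWORD = "constructed-sample-secret"


def build_basic_header(username, password):
    """Header value a client sends under the HTTP Basic scheme (RFC 7617)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(header_value):
    """Return (username, password), or None if the header is missing or malformed."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")  # password may contain ':'
    return (username, password) if sep else None


def is_authorized(header_value, user=EXPECTED_USER, password=EXPECTED_PASSWORD):
    """Constant-time check of the caller's Basic credentials."""
    parsed = parse_basic_header(header_value)
    if parsed is None:
        return False
    got_user, got_password = parsed
    # Evaluate both comparisons so timing does not reveal which field failed.
    user_ok = hmac.compare_digest(got_user.encode("utf-8"), user.encode("utf-8"))
    pass_ok = hmac.compare_digest(got_password.encode("utf-8"), password.encode("utf-8"))
    return user_ok and pass_ok
```

Base64 is an encoding, not encryption, so the endpoint should only be reachable over TLS. A request that fails this check should be rejected with HTTP 401 before the user's credentials in the body are touched.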
Prerequisites
Your service exposes an endpoint to which SecureAuth can send requests to authenticate your users.
Connect External IDP
Go to Authentication > Providers > Create Connection.
Select External IDP > Next.
Fill in all necessary fields to configure your external IDP.
Provide a display Name for your IDP.
Provide an External datastore service URL.
Note
SecureAuth uses this path to construct the URL of your /authenticate endpoint.
If you wish, enable the Authentication Context Caching.
Tip
Enable authentication context caching if you want the user's data cached in SecureAuth and want to avoid re-authenticating within one user's session. To learn more, see the Stateful authorization with SecureAuth documentation.
If you wish, provide the credentials for Basic access authentication.
Select Save.
Result: Your external datastore IDP is available for your users. They can use it to, for example, log in to your SecureAuth Admin Portal, Demo application, and more.