Use Cloudentity for User Authentication
Use Cloudentity built-in identity pools for user authentication and storage
Cloudentity Identity Pools as Authentication Providers
Identity Pools are used to store users and user populations within Cloudentity. Identity Pools can be used for user authentication.
To enable a user population to log in to integrated applications, the Identity Pool needs to be set up as an identity provider.
Prerequisites
At least one Identity Pool must be created in your tenant. Create the Identity Pool and add users if you haven't done so already.
Connect Identity Pool IDP
Basic Configuration
In your workspace, go to Authentication > Providers > Create Connection.
Under Cloudentity Providers, select Identity Pool > Next.
From Available pools, select the user pool to be associated with this Identity Provider. Enter the Identity Provider Name that is shown to users who try to log in with this IDP, and select Create.
Result: Your new IDP connection is created and the configuration page opens for advanced configuration. Users can now authenticate with this Identity Pool Provider.
You can now configure the advanced settings for this IDP.
Configure Advanced Settings
Advanced settings contain optional features which may be necessary to use in specific cases.
Go to Authentication > Providers > YOUR_IDP > Configuration page.
Optionally, enable Authentication context caching.
Tip
You can enable the authentication context caching if you want Cloudentity to store the user's authentication data. If you do, specify the cache Time To Live as well. Learn more by reading Stateful authorization with Cloudentity.
Go to Advanced settings.

Property | Description
Authentication Method Reference | Authentication method to be written into the amr object returned by the IDP. The amr object is created if it doesn't exist. If it exists, its values are replaced with the items selected in this field.
Reload Claims at Refresh Token | Refresh access token claims when issuing an access token based on a refresh token.
Select Save.
Configure Attributes and Mapping
For the Identity Pool IDP, keep the predefined attribute and mapping configuration if the pool uses the pre-defined schema. If you have applied a custom schema to the identity pool, make sure the new schema attributes are mapped correctly so that they are made available in the Cloudentity authentication context on successful authentication.
Connect Extensions to your IDP
Go to Authentication > Providers > YOUR_IDP > Extensions.
Assign a Post Authentication script to the IDP. This script will be executed upon user authentication via this IDP.
Connect your application to the IDP in the Post Authentication application field. Users will be redirected to this application upon authentication via this IDP.
Note
Post Authentication applications must be explicitly enabled in your tenant using the custom_apps feature flag.
Test Identity Pool IDP
Open the user portal (to get the URL, go to Applications > Clients > User portal and copy the Redirect URL).
Select your configured IDP (if you only have one IDP configured, this IDP is used by default and selection is not necessary). You have the following features at your disposal:
If you already have an active account, you can authenticate with your credentials, OTP or Passkey (depending on which method is configured for the underlying Identity Pool).
You can register a new account if public registration is allowed by the underlying Identity Pool. You will be asked to provide data in accordance with the Payload Schema assigned to the Identity Pool.
You can send OTPs or reset your password.
If you want to add users as an administrator, check the Configuring Identity Pools documentation, as this is done from the Identity Pool level.