
Apple

Set up Apple as a social login provider in SecureAuth Connect so users can sign in with their Apple Account.

Note: Apple shares user data (name, email) only during the first login. To retain this data for future logins, enable Just-in-Time (JIT) provisioning. See Provisioning.

Register Apple as a provider

  1. In your workspace, go to Authentication > Providers.

  2. Click Create Connection.

  3. Filter by Social Providers and select Apple.

     [Screenshot: Create Connection page showing available social providers]

  4. Choose a registration mode:

    | Mode | Description |
    |------|-------------|
    | Embedded | Uses a client application registered by SecureAuth. No developer portal registration required. The Apple sign-in page shows SecureAuth's app identity. |
    | Bring your Own | Uses a client application registered by your organization. The Apple sign-in page shows your app's name. Requires registering an application in the Apple Developer portal to obtain a Client ID and Client Secret. |

    [Screenshot: Apple Configuration tab showing Embedded mode, Display order, and JIT provisioning recommendation]

Configuration

| Setting | Description |
|---------|-------------|
| Name | Display name for this provider. Default: Apple. |
| Display order | Controls the position of this provider on the sign-in page. Default: 0. |

Use Try Sign-in to test the Apple sign-in flow.

[Screenshot: Apple Account sign-in page shown when testing with Try Sign-in]

Attributes

Apple returns the following attributes after authentication:

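| Connector name | Friendly name | Data type | Scope |
|----------------|---------------|-----------|-------|
| email | Email | String | User Info |
| firstName | First name | String | User Info |
| lastName | Last name | String | User Info |
| name | Name | String | User Info |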

Apple returns fewer attributes than other social providers. If you need additional user data, collect it during registration or through a post-authentication extension.

To add custom attributes, click + Add attribute.

Mappings

Default attribute mappings from Apple to the SecureAuth authentication context:

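| Source | Apple source name | SecureAuth target name |
|--------|-------------------|------------------------|
| User Info | Email | Email |
| User Info | First name | Given name |
| User Info | Last name | Family name |
| User Info | Name | Name |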

To customize, click + Add mapping or + Add static mapping.

Provisioning

Provisioning controls what happens when a user authenticates through Apple.

Tip: Enable Just-in-Time Provisioning for Apple. Apple only shares user data (name, email) during the first login. Without JIT provisioning, this data is not stored and is unavailable on subsequent logins.

Disabled

Users are not persisted in the user store. Authentication succeeds but no user record is created. Not recommended for Apple due to the first-login data limitation.

Just-in-Time Provisioning

Users are persisted in the user store on first login. Recommended for Apple.

Identifier Correlation
Maps the incoming Apple identity to an existing user. Default: Apple Email ↔ Users Email.

Attribute Provisioning
Maps Apple attributes to user profile fields. Defaults:

  • Email → Email
  • Given name → First name
  • Family name → Last name

[Screenshot: Provisioning tab with Just-in-Time Provisioning selected, showing Identifier Correlation and Attribute Provisioning]

Pre provisioning mode

Users must already exist in the user store before they can authenticate. New users are not auto-created at login; they must be added via an offline process.

Authentication flow control
Select what happens when no matching user is found:

  • Deny – Terminate the authentication flow.
  • Allow – Proceed with the authentication flow.

Identifier Correlation
Maps the incoming Apple identity to an existing user. Default: Apple Email ↔ Users Email.

Attribute Provisioning
Maps Apple attributes to user profile fields. Defaults:

  • Email → Email
  • Given name → First name
  • Family name → Last name

[Screenshot: Provisioning tab with Pre provisioning mode selected, showing Authentication flow control and Attribute Provisioning]

Extensions

| Extension | Description |
|-----------|-------------|
| Post Authentication script | A server-side script that runs after Apple authentication completes. Click Manage Script to configure. |
| Post Authentication application | A custom application that receives a callback after Apple authentication completes. Click Manage Custom App to configure. |
