Authentication provider configuration
Your authentication provider is used as part of both the credential offer and issuance flows. You can only have one authentication provider configured on your tenant. Refer to our corresponding tutorial for more information and example configurations.
Access the Authentication provider screen by selecting Authentication provider from the navigation panel on the left-hand side of the self service portal.
The Authentication provider screen enables the following functionalities:
- Configure an authentication provider
- Update an authentication provider
- Delete an authentication provider
Configure an authentication provider
Perform the following steps to configure your authentication provider:
- Select Authentication provider from the navigation panel on the left-hand side.
The Authentication provider screen is displayed.
- Use the URL text box to insert the URL of your authentication provider.
The URL must use https. Unicode characters will be converted to ASCII.
- Use the Authentication method radio button to select either Client secret basic (credentials are passed as a Base64-encoded Basic token) or Client secret post (credentials are passed within the request body as parameters).
- Use the Client ID text box to insert your client ID for your authentication provider.
Note: This is your client ID for your authentication provider, not for your tenant.
- Use the Client secret text box to insert your client secret for your authentication provider.
Note: This is your client secret for your authentication provider, not for your tenant.
- Use the Additional scopes text box to add additional scopes for information that will be retrieved from your authentication provider.
Note: Scopes must exist in the OpenID configuration to be valid.
Multiple scopes can be added by separating them with commas.
- Use the Static request parameters text box to add additional parameters to include in the request. These parameters are the same for every request (for example prompt:login would let the authentication provider know that it should show the login page every time).
Important: Keys must be strings.
Note: Top level object key values are limited to 1000 characters each.
- Use the Forwarded request parameters text box to add additional dynamic parameters to each request to make the user journey more seamless. For example, forwarding login_hint would pass the email of the user starting the request flow.
Note: Each Forwarded parameter value is limited to 1000 characters.
- Use the Claims to sync text box to determine what claims from your authentication provider are synced against the corresponding Sovrin API user.
Note: You can provide multiple claims separated by commas.
- Select the CREATE button at the bottom of the screen to complete the configuration.
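The following pre-flight check is an added example, not part of the portal or its API. It validates the values you are about to enter against the constraints listed in the steps above. It assumes that the "OpenID configuration" is the provider's discovery metadata (`scopes_supported`, `token_endpoint_auth_methods_supported`), that the Unicode-to-ASCII conversion is IDNA, and that static request parameters are entered as a JSON object; the `cfg` field names are hypothetical.

```python
import json
from urllib.parse import urlsplit

MAX_VALUE_LEN = 1000  # per-value limit stated on this page
# Constructed discovery metadata for a made-up provider (not real data).
SAMPLE_DISCOVERY = {
    "scopes_supported": ["openid", "profile", "email"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
}


def ascii_host(url):
    """Hostname in ASCII form; assumes the conversion is IDNA (punycode)."""
    return (urlsplit(url).hostname or "").encode("idna").decode("ascii")


def check_config(cfg, discovery):
    """Return a list of problems in a hypothetical config dict (empty = passed)."""
    problems = []
    try:
        host = ascii_host(cfg["url"])
    except UnicodeError:
        host = ""
    if urlsplit(cfg["url"]).scheme != "https" or not host:
        problems.append("url: needs https and a hostname convertible to ASCII")
    # OIDC Discovery: client_secret_basic is the default when the list is absent.
    methods = discovery.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if cfg["auth_method"] not in methods:
        problems.append(f"auth_method: {cfg['auth_method']} not advertised by provider")
    # Scopes are comma-separated; each must appear in the provider's metadata.
    supported = discovery.get("scopes_supported", [])
    for scope in filter(None, (s.strip() for s in cfg["scopes"].split(","))):
        if scope not in supported:
            problems.append(f"scope: {scope} not in OpenID configuration")
    # Assumption: static parameters are entered as a JSON object.
    try:
        static = json.loads(cfg["static_params"] or "{}")
    except json.JSONDecodeError:
        static = None
    if not isinstance(static, dict):
        return problems + ["static_params: not a JSON object with string keys"]
    for key, value in static.items():
        text = value if isinstance(value, str) else json.dumps(value)
        if len(text) > MAX_VALUE_LEN:
            problems.append(f"static_params: {key} value exceeds {MAX_VALUE_LEN} chars")
    return problems
```

Pass the provider's real discovery document in place of `SAMPLE_DISCOVERY` to check the scopes and authentication method it actually advertises.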
Update an authentication provider
You can only have one authentication provider configured on your tenant.
Perform the following steps to update your existing authentication provider configuration:
- Select Authentication provider from the navigation panel on the left-hand side.
The Authentication provider screen is displayed.
- Perform any required changes.
- Select the SAVE button at the bottom of the screen to apply changes.
Delete an authentication provider
Deleting an authentication provider is permanent and cannot be reversed.
Perform the following steps to delete your authentication provider configuration:
- Select Authentication provider from the navigation panel on the left-hand side.
The Authentication provider screen is displayed.
- Select the DELETE button at the bottom.
The Delete authentication provider window is displayed.
- Select the YES, DELETE button to delete the authentication provider configuration.