Defining authentication sources
Authentication sources are identifiers for third-party identity providers, such as social providers. They are used to display these providers on the HTML Form Adapter user interface as alternate authentication and registration options, and in authentication policies to configure branches to identity provider (IdP) adapters and connections.
About this task
Authentication sources are optional. They are the identifiers for third-party identity providers, such as social network providers. When defined, the associated HTML Form Adapter instance displays them on the sign-on page as alternative options for authentication and registration, if enabled. If profile management is enabled, users can connect or disconnect third-party identity providers to and from their accounts.
You can store attributes received from third-party identity providers as part of the user records. If required, attributes can be updated as users authenticate. By default, attributes are removed from user records as users disconnect third-party identity providers from their accounts. Storing attributes received from third-party identity providers is optional and configurable on a per-local identity profile basis. This option is only applicable when a local identity profile is configured with registration, profile management, or both.
Steps
- On the Authentication Sources tab, type a source in the Authentication Source field, and click Add.
  If you use the authentication source names Facebook, Google, LinkedIn, Twitter, or FIDO, the HTML Form Adapter default templates render the associated icons on the registration and profile management pages.
  As of PingFederate 10.2, you can use Security Key as an authentication source. The Security Key authentication source automatically adds a Security Key button to the HTML Form Adapter and Local Identity Profile management and registration pages. It allows users to authenticate with a hardware security key such as YubiKey. The button displays only if the user’s device or browser supports the Web Authentication (WebAuthn) protocol.
  You can also use the Security Key authentication source with the PingID adapter by configuring a policy tree with a rule that includes a policy.action attribute equal to a Value and Result of Security Key. Then select the PingID Adapter under Security Key in the policy and configure it as needed. For information about configuring authentication policies and rules, see Defining authentication policies and Configuring rules in authentication policies.
  Result:
  Make a note of the values defined here. In a later step, you will create a rule for each authentication source in an identity provider (IdP) authentication policy. Each rule forms a policy path that initiates the authentication process.
- If needed, modify or remove existing authentication sources.
  When removing an authentication source, keep in mind that accounts that were created using the associated third-party identity provider will no longer be usable after the removal. To minimize the risk of accidental removals, the administrative console prompts you to confirm each removal request.
- Configure storage settings for attributes received from third-party IdPs.
  The attribute storage settings are inapplicable and not shown if neither the Enable Registration nor the Enable Profile Management check box is selected on the Profile Info tab.
  Choose from:
  - If storing attributes, select the Store Attributes check box.
  - If you want attributes retained after users disconnect third-party IdPs from their accounts, select the Keep Attributes After Users Disconnect check box.
  - If you want attributes updated as users authenticate, select the Update Attributes When Users Authenticate check box and enter a value in the Minimum Number of Days Between Updates field.
- When finished, click Next.
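The following change-review check is an added example, not part of the PingFederate documentation or product. It compares two snapshots of a local identity profile's authentication source settings and flags the effects the steps above describe: a removed source leaves its accounts unusable, each new source needs a policy rule, and attributes kept after disconnect depart from the default. The dictionary layout and field names are hypothetical and are not PingFederate's export or API schema.

```python
# Added example: field names below are hypothetical, not PingFederate's schema.
ICON_NAMES = {"Facebook", "Google", "LinkedIn", "Twitter", "FIDO"}  # names listed on this page
BUTTON_NAMES = {"Security Key"}  # listed on this page (PingFederate 10.2 and later)


def review_profile(before, after):
    """Compare two profile snapshots and return (severity, message) findings."""
    findings = []
    old, new = set(before["auth_sources"]), set(after["auth_sources"])
    for name in sorted(old - new):
        findings.append(("high", f"{name}: removed; accounts created through it become unusable"))
    for name in sorted(new - old):
        findings.append(("info", f"{name}: added; needs a rule in the IdP authentication policy"))
        if name not in ICON_NAMES | BUTTON_NAMES:
            findings.append(("info", f"{name}: not one of the names the page lists for default icons"))

    store = after.get("attribute_storage", {})
    if not (after.get("registration") or after.get("profile_management")):
        # Storage settings are inapplicable when both features are off.
        if any(store.values()):
            findings.append(("warn", "attribute storage set while registration and profile management are off"))
        return findings
    if store.get("store_attributes"):
        if store.get("keep_after_disconnect"):
            findings.append(("warn", "attributes are kept after users disconnect (default is removal)"))
        if store.get("update_on_authenticate") and store.get("min_days_between_updates") is None:
            findings.append(("warn", "update on authenticate is on without a minimum number of days"))
    return findings


# Constructed snapshots for illustration only.
BEFORE = {
    "auth_sources": ["Google", "LinkedIn"],
    "registration": True,
    "profile_management": True,
    "attribute_storage": {"store_attributes": True},
}
AFTER = {
    "auth_sources": ["Google", "Security Key", "github"],
    "registration": True,
    "profile_management": True,
    "attribute_storage": {
        "store_attributes": True,
        "keep_after_disconnect": True,
        "update_on_authenticate": True,
    },
}

if __name__ == "__main__":
    for severity, message in review_profile(BEFORE, AFTER):
        print(f"[{severity}] {message}")
```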