--- title: Defining authentication sources description: Authentication sources are identifiers for third-party identity providers, such as social providers used to display these providers on the HTML form adapter user interface as alternate authentication and registration options. They are also used in authentication policies to configure branches to identity provider (IdP) adapters and connections. component: pingfederate version: 13.0 page_id: pingfederate:administrators_reference_guide:pf_defining_authentication_sources canonical_url: https://docs.pingidentity.com/pingfederate/13.0/administrators_reference_guide/pf_defining_authentication_sources.html revdate: July 10, 2024 section_ids: about-this-task: About this task steps: Steps result: Result: choose-from: Choose from: related-links: Related links --- # Defining authentication sources Authentication sources are identifiers for third-party identity providers, such as social providers used to display these providers on the HTML form adapter user interface as alternate authentication and registration options. They are also used in authentication policies to configure branches to identity provider (IdP) adapters and connections. ## About this task Authentication sources are optional. They are the identifiers for third-party identity providers, such as social network providers. When defined, the associated HTML Form Adapter instance displays them on the sign-on page as alternative options for authentication and registration, if enabled. If profile management is enabled, users can connect or disconnect third-party identity providers to and from their accounts. You can store attributes received from third-party identity providers as part of the user records. If required, attributes can be updated as users authenticate. By default, attributes are removed from user records as users disconnect third-party identity providers from their accounts. It is worth noting that storing attributes received from third-party identity providers is optional and configurable on a per-local identity profile basis. Additionally, this option is only applicable when a local identity profile is configured with registration, profile management, or both. ## Steps 1. On the **Authentication Sources** tab, type a source in the **Authentication Source** field, and click **Add**. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you use the authentication source names Facebook, Google, LinkedIn, Twitter, FIDO, the HTML Form Adapter default templates render the associated icons on the registration and profile management pages. | | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | As of PingFederate 10.2, you can use `Security Key` as an authentication source. The Security Key authentication source automatically adds a Security Key button to the HTML Form Adapter and Local Identity Profile management and registration pages. It allows users to authenticate with a hardware security key such as YubiKey. The button displays only if the user's device or browser supports the Web Authentication (WebAuthn) protocol.You can also use the Security Key authentication source with the PingID adapter by configuring a policy tree with a rule that includes a `policy.action` attribute equal to a **Value** and **Result** of `Security Key`. Then select the PingID Adapter under **Security Key** in the policy and configure it as needed. For information about configuring authentication policies and rules, see [Defining authentication policies](pf_defining_auth_policies.html) and [Configuring rules in authentication policies](pf_config_rules_auth_policies.html). | ### Result: Make a note of the values defined here. In a later step, you will create a rule for each authentication source in an identity provider (IdP) authentication policy. Each rule forms a policy path that initiates the authentication process. 2. If needed, modify or remove existing authentication sources. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | When removing an authentication source, keep in mind that accounts that were created using the associated third-party identity provider will no longer be usable after the removal. To minimize the risk of accidental removals, the administrative console prompts to confirm each removal request. | 3. Configure storage settings for attributes received from third-party IdP. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The attribute storage settings are inapplicable and not shown if neither **Enable Registration** nor **Enable Profile Management** checkbox not selected on the **Profile Info** tab. | ### Choose from: * If storing attributes, select the **Store Attributes** checkbox. * If you want attributes retained after users disconnect third-party IdP from their accounts, select the **Keep Attributes After Users Disconnect** checkbox. * If you want attributes updated as users authenticate, select the **Update Attributes When Users Authenticate** checkbox and enter a value in the **Minimum Number of Days Between Updates** field. 4. When finished, click **Next**. ## Related links * [Enabling third-party identity providers](pf_enabling_third_party_identit_provid.html) * [Enabling third-party identity providers without registration](pf_enabling_thirdparty_identity_providers_without_registration.html) * [Troubleshooting registration and profile management issues](pf_troubleshoot_registra_profile_management_issues.html)