Adding an identity provider - Yahoo

Adding Yahoo as an external identity provider (IdP) gives your users the option to sign in with their Yahoo accounts when accessing your application.

Before you begin

Ensure that the application is added to PingOne.

Set the Grant Type for the application to Implicit.

To enable signing on with Yahoo, create the application on the Yahoo Developers page. Yahoo will generate a client ID and client secret to identify the application. For more information, see https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html.

Go to the Yahoo Developer page at developer.yahoo.com/apps.

If you haven’t created a Yahoo Developer account, you can do so now.
Click the Create an App button.
Enter a name for the application.
For Application type, select Web application.
Leave Redirect URI blank for now.

You will get this value from PingOne and enter it later.
In the API Permissions section, select OpenID Connect Permissions, and then select Email and Profile.
Leave the page open so you can return later to enter the Redirect URI.

Configure the identity provider connection in PingOne.

Ensure that registration is enabled in the authentication policy. See Editing an authentication policy.

In PingOne, go to Integrations → External IdPs.
Click Add Provider.
Click Yahoo.
On the Create Profile page, enter the following information:
- Name: A unique identifier for the identity provider.
- Description: (Optional). A brief description of the IdP.
You cannot change the icon and login button, in accordance with the provider’s brand standards.
Click Next.
On the Configure Connection page, copy the value for Redirect URI to a secure location.
Leave the page open so you can return later to enter the values for Client ID and Client secret.

After you have copied the value for redirect URI, you can enter it in the Yahoo Developers page.

Ensure you have the redirect URI from PingOne that you copied in Adding Yahoo as an identity provider in PingOne.

Go to the Yahoo Developers page at developer.yahoo.com/apps.
For Redirect URI, enter the value that you copied from PingOne on the Configure Connection page.
Click Create App.

After you have created the application with Yahoo, copy the values for client ID and client secret and enter them into PingOne.

Go to the Yahoo Developers page at developer.yahoo.com/apps.
Copy the values for Client ID and Client Secret to a secure location.
In PingOne, go to the Configure Connection page and enter the following values:
- Client ID. The application ID that you copied from the IdP. You can find this information on the Yahoo Developers site.
- Client Secret. The application secret that you copied from the IdP. You can find this information on the Yahoo Developers site.
Click Save and Continue.
On the Map Attributes page, define how the PingOne user attributes are mapped to identity provider attributes. For more information, see Mapping attributes.
- Enter the PingOne user profile attribute and the external IdP attribute. For more information about attribute syntax, see Identity provider attributes.
- To add an attribute, click Add attribute.
- To use the expression builder, click Build and test or Advanced Expression. See Using the expression builder.
- Select the update condition, which determines how PingOne updates its user directory with the values from the identity provider. The options are:
  - Empty only: Update the PingOne attribute only if the existing attribute is empty.
  - Always: Always update the PingOne directory attribute.
You can map the following attributes provided by Yahoo:
- sub
- name
- given_name
- family_name
- email
- picture
- nickname
- locale
Click Save and Finish.

Enable the external IdP. See Enabling or disabling an identity provider.
Add the IdP to your authentication policy. See Editing an authentication policy.
Add the authentication policy to your application. See Applications.