Defining authentication sources - PingFederate

Defining authentication sources - PingFederate - 10.0

PingFederate Server

bundle

pingfederate-100

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 10.0

category

Product

pf-100

pingfederate

ContentType_ce

Page created: 12 Sep 2019 |

Page updated: 19 Mar 2020

| 3 min read

PingFederate 10.0 Product Configuration User task Product documentation Content Type Administrator Audience Software Deployment Method

Authentication sources are optional. They are the identifiers for third-party identity providers, such as social network providers. When defined, the associated HTML Form Adapter instance displays them on the sign-on page as alternative options for authentication and registration (if enabled). If profile management is enabled, users can connect or disconnect third-party identity providers to and from their accounts.

Attributes received from third-party identity providers can optionally be stored as part of the user records. If required, attributes can be updated as users authenticate. By default, attributes are removed from user records as users disconnect third-party identity providers from their accounts. It is worth noting that storing attributes received from third-party identity providers is optional and configurable on a per-local identity profile basis. Additionally, this option is only applicable when a local identity profile is configured with registration, profile management, or both.

Configure authentication sources.
- To add a new authentication source, enter the desired value in the field and click Add.
  Tip:
  If you use the authentication source names Facebook, Google, LinkedIn, Twitter, or FIDO, the HTML Form Adapter default templates render the associated icons on the registration and profile management pages.
- To modify an existing authentication source, use the Edit, Update, and Cancel workflow.
- To remove an existing authentication source, click Delete for the applicable authentication source.
  CAUTION:
  When removing an authentication source, keep in mind that accounts that were created using the associated third-party identity provider will no longer be usable after the removal. To minimize the risk of accidental removals, the administrative console prompts to confirm each removal request.
- To change the display order of the authentication sources on the sign-on page and the profile management page, use the up and down arrows to reorder them.
Make a note of the values defined here. In a later step, you will be creating a rule for each authentication source in an IdP authentication policy. Each rule forms a policy path that initiates the authentication process.
Configure storage settings for attributes received from third-party identity providers.

Inapplicable (and not shown) if neither registration nor profile management is enabled on the Profile Info screen.
1. If attributes should be stored, select the Store Attributes check box.
  This check box is not selected by default.
2. If attributes should be retained after users disconnect third-party identity providers from their accounts, select the Keep Attributes After Users Disconnect check box.
  This check box is not selected by default.
3. If attributes should be updated as users authenticate, select the Update Attributes When Users Authenticate check box and enter a value in the Minimum Number of Days Between Updates field.
  The Update Attributes When Users Authenticate check box is not selected by default, and the Minimum Number of Days Between Updates field has no default value.