Using the administrative console, configure a new authentication source, modify existing ones, and configure storage settings for attributes as needed.

Authentication sources are optional. They are the identifiers for third-party identity providers, such as social network providers. When defined, the associated HTML Form Adapter instance displays them on the sign-on page as alternative options for authentication and registration, if enabled. If profile management is enabled, users can connect or disconnect third-party identity providers to and from their accounts.

You can store attributes received from third-party identity providers as part of the user records. If required, attributes can be updated as users authenticate. By default, attributes are removed from user records as users disconnect third-party identity providers from their accounts. It is worth noting that storing attributes received from third-party identity providers is optional and configurable on a per-local identity profile basis. Additionally, this option is only applicable when a local identity profile is configured with registration, profile management, or both.

  1. Configure authentication sources.
    ActionSteps
    Add a new authentication source
    1. Go to Authentication > Policies > Local Identity Profiles.
    2. On the Local Identity Profiles window, click Create New Profile.
    3. On the Profile Info tab, enter Local Identity Profile Name, from the Authentication Policy Contract list, select an option.
    4. Select the Enable Registration and Enable Profile Management check boxes as needed.
    Tip:

    If you use the authentication source names Facebook, Google, LinkedIn, Twitter, or FIDO, the HTML Form Adapter default templates render the associated icons on the registration and profile management pages.
    Modify an existing authentication source
    1. On the Authentication Sources tab, under Action, click Edit.
    2. Click Update or Cancel.
    Remove an existing authentication source
    1. On the Authentication Sources tab, under Action, click Update for the applicable authentication source.
    2. Click Delete.
    CAUTION:

    When removing an authentication source, keep in mind that accounts that were created using the associated third-party identity provider will no longer be usable after the removal. To minimize the risk of accidental removals, the administrative console prompts to confirm each removal request.
    Change the display order of the authentication sources on the sign-on page and the profile management page Use the up and down arrows to reorder them.

    Make a note of the values defined here. In a later step, you will create a rule for each authentication source in an identity provider (IdP) authentication policy. Each rule forms a policy path that initiates the authentication process.

  2. Configure storage settings for attributes received from third-party IdP.
    Note:

    The attribute storage settings are inapplicable and not shown if neither Enable Registration nor Enable Profile Management check box not selected on the Profile Info tab.

    • If storing attributes, on the Authentication Sources tab, select the Store Attributes check box.

      This check box is not selected by default.

    • If you want attributes retained after users disconnect third-party IdP from their accounts, select the Keep Attributes After Users Disconnect check box.

      This check box is not selected by default.

    • If you want attributes updated as users authenticate, select the Update Attributes When Users Authenticate check box and enter a value in the Minimum Number of Days Between Updates field.

      The Update Attributes When Users Authenticate check box is not selected by default, and the Minimum Number of Days Between Updates field has no default value.

  3. When finished, click Next.