If you have already configured identity provider (IdP) connections or IdP adapters to connect with third-party identity providers, you can enhance the HTML Form Adapter sign-on page with the option to authenticate with these providers.
You configure an IdP authentication policy to chain the HTML Form Adapter instance and an authentication policy contract. Then the policy contract can harness attribute values returned by the HTML Form Adapter instance for multiple browser-based single sign-on (SSO) use cases through service provider (SP) connections, OAuth authorization code flow, and OAuth implicit flow.
The following procedure offers an example of how you could enhance the sign-on experience by giving users the option to authenticate with their local accounts or their existing accounts on a major social network to which you have already established an IdP connection. In this example, the social network is named "ACME".
You can also deploy and configure Cloud Identity Connectors to support identities from Facebook, Google, LinkedIn, or Twitter.
- Verify that the IdP connection to ACME returns the attributes required to complete the browser-based SSO use cases.
- Note which authentication policy contract your policy uses.
- Create a local identity profile:
- Configure the HTML Form Adapter instance for customer identities:
  - Go to .
  - On the IdP Adapters window, from the Instance Name list, click the HTMLFormAdapter instance.
  - On the IdP Adapter tab, from the Local Identity Profile list, select a local identity profile.
  - Complete the rest of the configuration and save all changes.
- Modify your existing IdP authentication policy:
After you give users the option to authenticate with ACME without enabling registration, when users sign on through this HTML Form Adapter instance, the following sign-on page is presented.
If you also added Facebook, Google, LinkedIn, and Twitter as authentication sources, the following sign-on page is presented.