Welcome to The Identity Hub

Summary

This topic gives an overview of the minimum configuration needed to let users log in to your application using The Identity Hub - {tenant}.

Contents

  • Components of The Identity Hub
  • Objectives
  • Summary of Steps
  • Step 1 - Activate and configure an Account Provider for {tenant}
  • Step 2 - Sign into The Identity Hub - {tenant} using the Account Provider
  • Step 3 - Create an App
  • Step 4 - Connect your application to The Identity Hub - {tenant}
  • Step 5 - Get information about a logged in user

Components of The Identity Hub

  • Apps

    Definition of your applications in The Identity Hub. These applications can be Mobile Applications on iOS, Windows Phone, Android..., Web Applications, SharePoint, Windows Store Apps, Legacy Applications...

    The applications can communicate with The Identity Hub and its API using the OAuth 2 and/or WS-Federation protocol.

  • Account Provider

    Definition of the methods the users of your applications can use to authenticate. These can be social providers like Facebook, Microsoft Account, Twitter, Google..., Active Directory (ADFS), Office 365, Legacy User Store and any provider that can federate using the WS-Federation protocol.

    Protocols available are OAuth 1, OAuth 2 and WS-Federation.

  • Identity API

    Your application can get information about users through The Identity Hub Identity API. See How To: Call The Identity Hub API for more information.

  • Two Factor Authentication

    The Identity Hub can provide Two Factor Authentication on top of any of the configured Account Providers.

  • Friends

    The Identity Hub can identify relationships between users, for example users who are friends on Facebook or Google. You can access this information through The Identity Hub API. See How To: Call The Identity Hub API for more information.

  • Geolocation

    The Identity Hub can collect (when permitted) information about the user's location. You can access this information through The Identity Hub API. See How To: Call The Identity Hub API for more information.

Objectives

  • Create and configure an Account Provider and an App
  • Sign into The Identity Hub - {tenant} using the configured Account Provider
  • Sign into your application using The Identity Hub - {tenant}

Summary of Steps

  • Step 1 - Activate and configure an Account Provider for {tenant}
  • Step 2 - Sign into The Identity Hub - {tenant} using the Account Provider
  • Step 3 - Create an App
  • Step 4 - Connect your application to The Identity Hub - {tenant}
  • Step 5 - Get information about a logged in user

Step 1 - Activate and configure an Account Provider

In this step you will activate and configure an Account Provider. An Account Provider allows your users to log in using a specific method (Facebook, Microsoft Account...).

For more information about Account Providers see How To: What is an Account Provider?.

This How-To topic only provides an overview. For more detailed information about activating an Account Provider and the configuration parameters see How To: Activate an Account Provider?.

  • Navigate to the Account Providers Admin Page and click on Add.

  • Click one of the available Account Providers to connect to.

    Currently available are: Facebook, Google, Microsoft Account, Office 365, Twitter, LinkedIn, PayPal, Instagram, My Digipass, any SAMLP or WS-FED capable provider and a built-in Username/Password HUB Provider.

  • Depending on your choice you will have to supply one or more configuration parameters.

    The activate screen details the steps necessary for the specific Account Provider.

    In the case of an OAuth Account Provider (e.g. Facebook) you will have to define an App in the development portal of the Account Provider and supply The Identity Hub with the Id and Secret of the App.

    In case of the built-in Username/Password HUB Provider no configuration parameters need to be set.

  • Make sure Can be used to Sign In is checked. For more information on the "Can be used to Sign In" and "Can be used to link with" options see How To: What is an Account Provider?.

  • Click Save. You will navigate to the list of Account Providers where the just activated Account Provider will be listed.


Step 2 - Sign into The Identity Hub - {tenant} using the Account Provider

  • If you are still signed in, click the Sign Out link in the top right. Navigate to the {tenant} Sign in Page.

  • Click on the Account Provider you just configured and perform a sign-in.

  • If you return to The Identity Hub - {tenant} and arrive on your profile page showing your information, your Account Provider was configured correctly.

  • Click the Sign Out link in the top right and sign in with your administrative account.


Step 3 - Create an App

In this step you will create and configure an App. An App is your application that will use The Identity Hub - {tenant} to authenticate users. For more information see How To: What is an App?

  • Navigate to the Apps Admin Page and click on Add.

  • Provide the following information
    • Name: The name of the app. In case of OAuth this name will be shown on the user (resource owner) consent page.

    • Description: The description of the app. In case of OAuth this description will be shown on the user (resource owner) consent page.

  • Depending on whether your application will use OAuth or WS-Federation to connect to The Identity Hub - {tenant} you will have to provide the following parameters.

    OAuth

    • Token life time: The time, in hours and minutes, a token remains valid after it is created.

    • Redirection Uri: One or more URIs that are valid redirect URIs for your application (OAuth Client). Place each URI on a separate line.

    WS-Federation

    • Relying Party Realm: The URN your application (Relying Party) will use to identify itself.

    • Reply Uri: One or more valid reply URIs for your application (Relying Party). Place each URI on a separate line.

    • Relying Party Certificate: The public key of the certificate your application (Relying Party) will use to encrypt the sign-in request.

      It is recommended that you acquire and use a specific certificate, only used for this purpose.

    • Token Signing Certificate: The public/private key pair of the certificate The Identity Hub - {tenant} will use to sign the sign-in response (SAML Token).

      It is recommended that you acquire and use a specific certificate, only used for this purpose.

    For more information on this see How To: Create an App.

  • Click Save. You will navigate to the detail page of the just created App.
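
An added example, not part of The Identity Hub documentation or product: a Python check to run over the lines you intend to paste into the Redirection Uri or Reply Uri field before saving the App. The rules (absolute URI, no fragment, no wildcard, HTTPS except on loopback hosts) follow general OAuth 2 guidance and are assumptions here, not documented Identity Hub behaviour; the function name and sample URIs are constructed.

```python
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample of a Redirection Uri field, one URI per line.
SAMPLE_FIELD = """\
https://app.example.com/signin-callback
http://app.example.com/signin-callback
https://*.example.com/cb
https://app.example.com/cb#token
http://localhost:5000/cb
/relative/cb
"""

def lint_redirect_uris(field_text):
    """Return {uri: [problems]} for every non-empty line of the field."""
    report = {}
    for line in field_text.splitlines():
        uri = line.strip()
        if not uri:
            continue
        problems = []
        try:
            parts = urlsplit(uri)
        except ValueError:
            report[uri] = ["not parseable as a URI"]
            continue
        if not parts.scheme:
            problems.append("not an absolute URI")
        elif parts.scheme in ("http", "https") and not parts.hostname:
            problems.append("missing host")
        if "#" in uri:
            problems.append("contains a fragment")
        if "*" in uri:
            problems.append("contains a wildcard")
        if parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
            problems.append("plain http on a non-loopback host")
        if parts.username or parts.password:
            problems.append("embeds credentials")
        if uri in report:
            problems.append("duplicate entry")
        report[uri] = problems
    return report

if __name__ == "__main__":
    for uri, problems in lint_redirect_uris(SAMPLE_FIELD).items():
        print(("OK   " if not problems else "WARN ") + uri, "; ".join(problems))
```

Register only the entries that come back with an empty problem list, and keep the list as short as your application actually needs.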


Step 4 - Connect your application to The Identity Hub - {tenant}

Step 5 - Get information about a logged in user

See How To: Call The Identity Hub API