
Identity Provider

Description

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

An Identity Provider is responsible for identifying users. It is also responsible for passing service providers the information about the identified user that they are entitled to receive.

To create an identity provider, it is advisable to install a dedicated sync server. It can be configured as a proxy sync server, as it does not need direct access to the Soffid database. Instead, it connects to the main sync server to fetch users and federation information.

For more information about how to configure a dedicated sync server, visit the Install Sync server page.

Standard attributes

Identification

These fields are common regardless of the IdP type you select.

  • IdP type: identifies the identity provider type. Currently there are six types:
    • Soffid IdP: identifies the identity provider implemented by Soffid. Soffid IdP implements both OpenID-Connect and SAML.
    • External SAML IdP: is used for identity providers not implemented by Soffid. For instance, it could be an ADFS (Active Directory Federation Services) or Shibboleth identity provider.
    • OpenID-Connect: is used for third-party OpenID-Connect identity providers, like ADFS.
    • Facebook: if you select that option, OAuth2 will be used to identify Facebook users. You will need to register Soffid as a Facebook application to use it.
    • Google: if you select that option, OpenID-Connect will be used to identify Google users. You will need to register Soffid as a Google application to use it.
    • LinkedIn: if you select that option, OAuth2 will be used to identify LinkedIn users. You will need to register Soffid as a LinkedIn application to use it.
  • publicID: unique name to identify the identity provider.
  • Name: user-friendly display name.
  • Organization: company name of the external IdP.
  • Contact: email address of the external IdP.

Profiles

A profile is a protocol or subset of protocols implemented by the Identity Provider. The following profiles are accepted; each one exposes its own configuration options, so the settings you see depend on the profiles you select.

  • OpenIDProfile
  • SAML1ArtifactResolutionProfile
  • SAML1AttributeQueryProfile
  • SAML2ArtifactResolutionProfile
  • SAML2AttributeQueryProfile
  • SAML2ECPProfile
  • SAML2SSOProfile

You can visit the Profiles chapter for more information about each one.
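Before registering an External SAML IdP (ADFS, Shibboleth and the like), it is worth checking which of the profiles above its metadata actually advertises and whether the metadata is safe to trust. The script below is an added example written for this page; it is not Soffid code and does not use any Soffid API. It parses a constructed SAML 2.0 metadata document (the entityID, host and certificate are placeholders), maps the metadata elements to the SAML 2 profile names listed above (this mapping is the example's own reading of the SAML 2.0 metadata specification: SingleSignOnService over a browser binding for SSO, SingleSignOnService over SOAP for ECP, ArtifactResolutionService for artifact resolution, AttributeService in an AttributeAuthorityDescriptor for attribute query), and flags the usual registration mistakes: plaintext endpoints, a missing signing certificate and unsigned metadata.

```python
"""Inspect an external SAML IdP's metadata before registering it.

Added example for this page, not part of Soffid. The mapping from
metadata elements to the profile names above is this example's own
reading of the SAML 2.0 metadata spec, not a Soffid API.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

# Constructed sample, shaped like Shibboleth/ADFS metadata. The host,
# entityID and certificate are placeholders made up for this example.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MIIBszCCAVygAwIBAgIJAKxxxxxxxxxxMA0GCSqGSIb3DQEBCwUAMBExDzANBgNVBAMMBmV4YW1wbGUw
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:ArtifactResolutionService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example.org/idp/profile/SAML2/SOAP/ArtifactResolution"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example.org/idp/profile/SAML2/SOAP/ECP"/>
  </md:IDPSSODescriptor>
  <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example.org/idp/profile/SAML2/SOAP/AttributeQuery"/>
  </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>
"""


def inspect_idp_metadata(xml_text):
    """Return entityID, advertised profiles, certificate count and warnings."""
    # The stdlib expat parser does not fetch external entities; never swap
    # in a DTD-resolving parser for metadata downloaded from a third party.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this entity is not an IdP")

    profiles, warnings = set(), []

    # SingleSignOnService over a browser binding is plain SSO; the same
    # element over SOAP is how an IdP advertises ECP.
    sso = idp.findall("md:SingleSignOnService", NS)
    if any(e.get("Binding") != SOAP for e in sso):
        profiles.add("SAML2SSOProfile")
    if any(e.get("Binding") == SOAP for e in sso):
        profiles.add("SAML2ECPProfile")
    artifact = idp.findall("md:ArtifactResolutionService", NS)
    if artifact:
        profiles.add("SAML2ArtifactResolutionProfile")
    # AttributeQuery is advertised by a separate AttributeAuthorityDescriptor.
    aa = root.find("md:AttributeAuthorityDescriptor", NS)
    attr = aa.findall("md:AttributeService", NS) if aa is not None else []
    if attr:
        profiles.add("SAML2AttributeQueryProfile")

    # Every endpoint must be HTTPS; a plaintext endpoint lets a network
    # attacker tamper with requests and responses in transit.
    for e in sso + artifact + attr:
        loc = e.get("Location", "")
        if not loc.startswith("https://"):
            warnings.append("non-HTTPS endpoint: %s" % loc)

    # A KeyDescriptor without a 'use' attribute serves signing and encryption.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((c.text or "").split()))
            if der[:1] != b"\x30":  # a DER certificate starts with SEQUENCE
                warnings.append("signing certificate is not DER-encoded")
            certs.append(der)
    if not certs:
        warnings.append("no signing certificate: assertions cannot be verified")
    # Unsigned metadata is only as trustworthy as the channel it came over.
    if root.find("ds:Signature", NS) is None:
        warnings.append("metadata is not signed: fetch it over TLS and pin it")

    return {
        "entity_id": root.get("entityID"),
        "profiles": sorted(profiles),
        "signing_certs": len(certs),
        "warnings": warnings,
    }


if __name__ == "__main__":
    for key, value in inspect_idp_metadata(SAMPLE_METADATA).items():
        print("%-14s %s" % (key, value))
```

Run it against the real metadata file you were given and compare the reported profiles with the ones you enable on the Soffid side: enabling a profile the IdP does not advertise produces a configuration that can never succeed, and a missing signing certificate or an HTTP endpoint should stop the registration until the IdP operator fixes their metadata.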

Other Attributes

The fields for each IdP type are detailed below: