You are here

Configuring the Identity Service with external identity providers

It is possible to configure the Identity Service to use an existing identity provider using protocols such as SAML 2.0 or OAuth 2.0.

PingFederate and OpenLDAP are two commonly used identity providers and configuration steps have been provided for each use case:

PingFederate

You can configure the Identity Service to use PingFederate as a Security Assertion Markup Language (SAML) identity provider. This allows you to authenticate with Alfresco applications using your existing credentials, so you can enjoy the benefits of Single Sign On (SSO).

There are three main stages to this configuration:
  • Obtain your PingFederate parameters/settings
  • Add SAML as an identity provider in the Identity Service
  • Configure the PingFederate connection in the Identity Service

Complete steps for configuring PingFederate are available in the Alfresco/alfresco-identity-service GitHub project documentation.

OpenLDAP

You can configure the Identity Service to use OpenLDAP as an LDAP identity provider (IdP), known as User Federation. This allows you to configure user synchronization between the Identity Service and OpenLDAP, so that users in the Identity Service are consistent with the users in the supported LDAP provider.

Complete steps for configuring OpenLDAP are available in the Alfresco/alfresco-identity-service GitHub project documentation.

Once an identity provider is configured, when a user attempts to authenticate against an Alfresco product they will be redirected to the sign in page for the Identity Service. By default, this sign in page has an Alfresco theme.

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.