Custom IDP

Overview

This document provides an overview of Custom Identity Providers (Custom IDPs) within the LoginRadius Identity Platform. It outlines the supported authentication and authorization protocols, the integration process, and the necessary configurations to set up Custom IDPs.

Use Cases of Custom IdP in Businesses

Custom Identity Providers offer significant advantages for businesses that:

  1. Leverage Existing Identity: Enable users to authenticate using credentials from other platforms.
  2. Simplify Integration: Enable seamless integration of third-party identity providers, making it easier to adopt existing systems.
  3. Ensure Centralized Authentication: Consolidate platform identity management, ensuring consistency and security.
  4. Support Diverse Protocols: Utilize authentication standards like OAuth2, JWT, or SAML to meet specific business needs.

LoginRadius Workflow with Custom IDP

This workflow illustrates the integration of LoginRadius with a Custom Identity Provider (IdP) for secure authentication and access management.

  1. User Request Initiation: A user attempts to access a protected resource within the application.
  2. Authentication Forwarding:
    • The application sends an authentication request to LoginRadius to verify whether the user is authenticated or requires login.
    • LoginRadius then forwards the request to the configured custom IDP (e.g., Azure AD, Okta, or a custom SAML/OAuth provider).
  3. Authentication Validation: The custom IDP validates the user credentials and returns the authentication status to LoginRadius.
  4. Response Relay: LoginRadius relays the same authentication response (user status: "authenticated/authorized") to your application.
  5. Resource Access: Once authentication is confirmed, your application grants the user access to the requested resource.

This workflow ensures security and leverages the LoginRadius platform as a middleware for efficient authentication processes.

Integration with LoginRadius

LoginRadius streamlines identity provider integration through two approaches: Pre-Built Custom IDPs, which feature ready-to-use templates, and Standard Custom IDPs, which offer flexible configurations with industry-standard protocols. To get started, navigate to Authentication > Custom IDP Interface in the LoginRadius Admin Console, where you can add, manage, and configure your Custom Identity Providers (IdPs).

Standard Custom IDP protocols

For businesses requiring integration with a custom identity provider not listed in the default options, LoginRadius supports the following configurations. Clicking on each provider in the dashboard will redirect you to a detailed guide for configuring that provider.

Supported Protocols for Custom IDPs:

  1. SAML Provider:
    • Security Assertion Markup Language (SAML) is a standard for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP). For more details on SAML Provider, refer to the following documentation.
    • Usage with LoginRadius: This configuration enables businesses to integrate with custom identity providers that support the SAML protocol, facilitating seamless single sign-on (SSO) and secure authentication. When integrating a third-party custom identity provider using SAML, the configured provider acts as the Identity Provider (IdP).
  2. JWT Provider:
    • JSON Web Token (JWT) is a compact and self-contained way of transmitting information securely as a JSON object. The information can be verified and trusted because it is digitally signed using a secret or public/private key pair. For more details on JWT Provider, refer to the following documentation.
    • Usage with LoginRadius: JWT is widely used in B2C single sign-on (SSO) applications. With this setup, your customers can log into apps that support JWT-based authentication, ensuring secure, scalable, and efficient session management.
  3. ADFS Provider:
    • Active Directory Federation Services (ADFS) is a single sign-on solution developed by Microsoft that allows users to access multiple applications with a single set of credentials. For more details on ADFS Provider, refer to the following documentation.
    • Usage with LoginRadius: This configuration is designed for businesses that integrate LoginRadius with custom ADFS-based identity providers. It ensures that the user's access control is encrypted via ADFS.
  4. OAuth Provider:
    • OAuth 2.0 is an industry-standard protocol for authorization delegation. It enables third-party applications to access a customer's resources stored with another service without sharing the user's credentials. For more details on OAuth Provider, refer to the following documentation.
    • Usage with LoginRadius: Businesses can configure OAuth-based custom identity providers to allow secure resource access and authorization without compromising user credentials.
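
As an added example (not LoginRadius code and not part of the original documentation), the following Python shows what "verified and trusted because it is digitally signed" means in practice for a JWT signed with a shared secret: the verifier pins the algorithm, checks the signature in constant time, and only then reads the issuer and expiry claims. The HS256 choice, the issuer URL, the secret and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    # JWT strips base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _mac(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Issue a constructed token; stands in for the custom IDP in this example."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = header + "." + payload
    return signing_input + "." + b64url_encode(_mac(secret, signing_input))

def verify_hs256(token, secret, issuer, now=None):
    """Return the claims only if algorithm, signature, issuer and expiry all pass."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side; the token header must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = _mac(secret, header_b64 + "." + payload_b64)
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise ValueError("bad signature")
    # Claims are read only after the signature has been verified.
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if (time.time() if now is None else now) >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    token = sign_hs256({"iss": "https://idp.example", "sub": "user-1",
                        "exp": int(time.time()) + 300}, secret)
    print(verify_hs256(token, secret, "https://idp.example"))
```

For a public/private key pair the same order of checks applies, with the HMAC comparison replaced by signature verification against the provider's public key.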

Pre-Built Custom IDPs

LoginRadius offers pre-configured templates that make managing your Custom Identity Provider integrations simple and efficient. With these templates, you can quickly set up integrations, enabling users to log in once and seamlessly access multiple applications. Currently, LoginRadius provides pre-built integration templates for the following providers:

  • Salesforce
  • Azure AD
  • Google Workspace
  • PingIdentity
  • Okta

Besides protocol-based configurations, LoginRadius supports direct integrations with custom IDPs. For more information on integrations, refer to the Pre-Built Connections documentation.

Examples of a few Custom IDPs:

LoginRadius supports a variety of custom identity providers, allowing businesses to extend authentication capabilities.

  • Doximity: Provides authentication for healthcare professionals.
  • Alipay: Supports payment-based identity verification.
  • AWS Cognito: Provides user authentication, authorization, and user management for web and mobile apps.
  • WeChat: Offers login capabilities through China’s popular social platform.

Managing Existing Custom IDPs in LoginRadius

All configured Custom IDPs can be managed from the Admin Console's Authentication > Custom IDP Interface. You can view and manage the configurations for each Custom IDP. Below is a breakdown of the key elements visible in this section:

Key Components

  1. Provider Name
    • The name of the Custom IDP reflects how the identity provider is identified in the system.
  2. Protocol
    • The protocol used by the IDP. Examples:
      • OAUTH: For OAuth-based authentication.
      • JWT: For JSON Web Token-based authentication.
      • SAML: For SAML-based authentication.
  3. Integration Type
    • Displays the integration type for each IDP.
  4. Action Menu
    • Provides additional options for each IDP, such as:
      • Editing the configuration.
      • Deleting the IDP.