Getting Started

This document will help you set up LoginRadius as a Customer Identity and Access Management (CIAM) solution for your application. While this walkthrough uses Identity Orchestration (IO) for its simplicity and no-code capabilities, by following this guide, you will be able to:

• Set up a new OAuth/OpenID Connect application
• Configure authentication methods (email, passwordless, social login, etc.)
• Create a custom brand theme that matches your website’s look and feel
• Build and deploy a front-end workflow using the low-code Workflow Editor

Identity Orchestration (IO)

LoginRadius Identity Orchestration (IO) enables you to go from zero to a fully working user journey with minimal setup, while giving you the flexibility to customize every part of the experience. IO empowers businesses to design and manage tailored identity workflows that align with their unique customer journeys.

Configure a New App

Start by creating a new application, choosing either the OIDC or OAuth protocol, and configuring the necessary parameters.

To create a new app

1. Navigate to Applications > Apps in the Console.

2. Under the Apps section, click on Add App to create a new application.

3. Enter a name for your app.

4. Select the protocol you want to use:

   • OpenID Connect 1.0
   • OAuth 2.0

5. Select the app type:

   • Native App
   • Machine-to-Machine App
   • Single Page App
   • Web App

6. Once you’ve selected the App type and other details, click Create. Your app will be created and ready for further configuration.

To configure the app

The default configuration parameters that appear depend on the type of app you selected. They consist mostly of standardized OAuth/OIDC parameters, many of which are optional.

Note: You can revisit this page and update your app configuration anytime.

LoginRadius recommends you configure at least the following parameters:

• Data Mapping - define which data points from LoginRadius will be mapped into the protocol bundle.

• Grant Type: Select one or more grant types to obtain access tokens.:

• Authorization Code

• Implicit

• Password Credentials

• Refresh Token

• Device Code

• Login Redirect URL (Optional): Provide whitelisted callback redirect URIs. If left blank, the redirect_uri will be validated against the globally configured Domains list in Tenant Settings

Refer to the OIDC and OAuth 2.0 documentation for additional information on application configuration parameters.

Once you’ve set up and configured your app, you must set up the authentication services you want to provide.

Set up authentication

You need to select which authentication types and methods you want to provide. You must enable at least one authentication type and one authentication method. You can also choose to allow authentication through social providers.

To set up authentication types and methods

• Navigate to Authentication > Authentication Configuration in the Console.

• Enable at least one authentication type:

  • Email: Allows users to register and log in with an email and password.
  • Phone: Enables login via mobile phone number with one-time password (OTP) sent via SMS.
  • Username: Supports registration and login using a username.

• Enable at least one authentication method:

  • Passwordless: Provides a seamless, secure login without traditional passwords.
  • Passkey: Uses biometrics or hardware security keys for password-free authentication.

To Enable Authentication through Social Login (Optional)

1. Go to Authentication > Social Providers.

2. Toggle on the desired social provider.

3. In the Configuration tab, enter your social provider’s settings.
   Note: Refer to the Setup Guide tab for step-by-step instructions on configuring your provider.

4. Click Save to apply the changes.

You can now enable authentication via this social provider for specific applications by navigating to Applications > [Select an App] > Connections.

Once you’ve set up your application and selected the authentication services you want to provide, you’re ready to tie your apps into a front-end workflow by creating a brand and a workflow.

For more detailed information, please refer to the Authentication documentation.

Create a brand

This section outlines how to create a custom brand that can be added to your workflow. Adding a brand customizes registration, authentication, forgot password, and MFA pages to create brand-specific experiences.

To create a new brand with a custom theme

1. Navigate to Orchestration > Theme Customization in the Console.

2. Select Add a New Brand.

3. To import an existing theme from your website, under AI Branding, enter your website URL and select Generate.
   LoginRadius automatically pulls theme information from your website, and it simplifies theme creation by analyzing your website and auto-generating a consistent user interface.

4. Customize theme settings as needed:

   • Brand name
   • Logo
   • Font Family
   • Color Palette

5. Select Save.

   Your brand is saved to your Brands list.

Once your brand is created, you’re ready to make a workflow and add your brand to it.

Deploying Identity Orchestration

Utilize the low-code workflow creation engine to create plug-and-play blocks for a rapid and straightforward workflow setup. After configuring your workflow, connect an app and brand, and generate a workflow URL for live preview or deployment.

To create a new workflow

1. Navigate to Orchestration > Workflows.

2. Select New Workflow.

3. Select a method to start setting up your workflow:

   • Templates: Choose from pre-built templates for common identity workflows, such as login and registration.
   • Editor: Create a workflow based on your custom requirements
   • Upload JSON: Upload your workflow JSON to import, modify, or reuse for your specific use case.

4. In the Add-Workflow dialog, enter your workflow name and description and select a brand.

5. Select Confirm.

6. In the workflow editor, you can configure your workflow by arranging, editing, and adding nodes to define the user journey. Supported node types include:

   • Authentication: Email/password, OAuth, SAML, JWT.
   • Service: Session management, webhooks, custom scripts.
   • Security: MFA setup, security policies.
   • Page: Custom user input forms.
   • Social Login: Social provider integration.
   • Helper: Utility nodes for additional logic.

7. Click Update to save and deploy the workflow.

The format of the URLs generated for workflows is:

https://<API_Domain>/workflow?workflowName=<workflow_name>&client_id=<client_id>&brand=<brand>&debugMode=<debug_mode>

• API Domain: The domain of the LoginRadius Hub.

  For more information on URL formatting parameters, please refer to the documentation.
  Before you deploy a workflow, preview it to see how it will appear to users.

Preview the workflow

1. In the workflow editor, select Preview, or select the workflow name in your list of workflows.

2. Select the OIDC/OAuth app that you have created in the previous steps, which you want to use with the workflow.

3. Select a brand for the workflow.
   Note: If you don’t select a brand, the default theme appears. Or, if you selected a brand when you initially created the workflow, that brand’s theme appears.

4. Select Preview.
   The URL can include various parameters to control workflow behavior. Below is a list of key parameters:

   • workflowName - The workflow name to be triggered. It can be found in the Admin Console by navigating to Orchestration > Workflows.
   • client_id - Client ID of the OIDC/OAuth application
   • brand - The name of the brand under which the workflow will be executed. Can be found in the Admin Console by going to Orchestration > Theme Customization
   • debugMode - To see the debug log during the workflow execution, use the flag true

For more detailed information on configuring IO workflows, refer to the IO Workflows Documentation.

Related Resources

• Authentication
• Identity Orchestration
• Hosted Pages