LoginRadius as Custom IDP With Another LoginRadius Application
LoginRadius supports acting as an Identity Provider (IDP) and a Service Provider (SP) using industry-standard protocols like OAuth, SAML, OIDC, and JWT. This guide outlines configuring one LoginRadius app as a custom OAuth IDP to enable single sign-on (SSO) with another LoginRadius app.
Key Features
- Use LoginRadius as both IDP and SP
- OAuth-based SSO between two LoginRadius applications
- Unified identity across apps with shared session capability
- Profile mapping from one tenant to another
Use-Cases
- Multi-brand companies with distinct LoginRadius sites looking to unify authentication.
- Organizations using separate LoginRadius apps for staging and production environments.
- Identity orchestration between region-specific LoginRadius tenants.
- Centralized login with delegated access to other business units.
Service Provider (SP) LoginRadius App Setup
Follow the steps below to configure the service provider settings in LoginRadius:
- Go to Authentication > Custom IDPs in the LoginRadius Console
- Click Add Custom IDP → Select Custom OAUTH Provider.
- Fill in the following fields:
Field | Value |
---|---|
Provider Name | e.g., LR-OAuth |
Customer Login Endpoint | https://cloud-api.loginradius.com/sso/oauth/redirect |
Access Token Endpoint | https://cloud-api.loginradius.com/sso/oauth/access_token |
Application Key | API Key of the IDP LoginRadius App (get from Admin Console) |
Application Secret | API Secret of the IDP LoginRadius App |
Scope | email |
Response Type | code |
Customer Profile Endpoint | https://api.loginradius.com/identity/v2/auth/account?apiKey=<IDP_API_KEY> |
Request Token HTTP Method | POST |
- Query Parameter:
Key | Value |
---|---|
access_token | #accesstoken# |
- Data Mapping:
LoginRadius Field | Value |
---|---|
ID | Uid |
Email[0].Value |
- Click Save to complete setup.
Integration Details
- The IDP and SP apps must be under the same or connected accounts (LoginRadius tenants)
- Ensure the IDP site has active users and that API access is enabled.
- Scopes and mappings must align to provide valid login responses.
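One way to check that a profile returned by the Customer Profile Endpoint satisfies the Data Mapping above before the login is trusted (an added example, not LoginRadius code). The reading of the path syntax, the SP field name `Email`, the helper names, and the sample profiles are assumptions constructed for illustration.

```python
import re

# Data Mapping from the SP setup table: SP field -> path in the IDP profile.
# The SP field name "Email" is an assumption; the page shows only its path.
DATA_MAPPING = {"ID": "Uid", "Email": "Email[0].Value"}
REQUIRED = ("ID",)  # without a UID the login cannot be tied to an account

TOKEN = re.compile(r"([^.\[\]]+)|\[(\d+)\]")

# Constructed sample responses from the Customer Profile Endpoint.
SAMPLE_OK = {"Uid": "constructed-uid-0001",
             "Email": [{"Type": "Primary", "Value": "alice@example.com"}]}
SAMPLE_NO_EMAIL = {"Uid": "constructed-uid-0002", "Email": []}
SAMPLE_NO_UID = {"Email": [{"Type": "Primary", "Value": "bob@example.com"}]}

def resolve(profile, path):
    """Walk a path such as 'Email[0].Value'; None if any step is missing."""
    node = profile
    for key, index in TOKEN.findall(path):
        if key:
            if not isinstance(node, dict) or key not in node:
                return None
            node = node[key]
        else:
            if not isinstance(node, list) or int(index) >= len(node):
                return None
            node = node[int(index)]
    return node

def map_profile(profile, mapping=DATA_MAPPING):
    """Return (mapped, missing): mapped values and fields the IDP did not supply."""
    mapped, missing = {}, []
    for field, path in mapping.items():
        value = resolve(profile, path)
        if isinstance(value, str) and value.strip():
            mapped[field] = value.strip()
        else:
            missing.append(field)
    return mapped, missing

def login_allowed(missing):
    """Fail closed: refuse the login when any required field is missing."""
    return not any(field in REQUIRED for field in missing)

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_NO_EMAIL, SAMPLE_NO_UID):
        mapped, missing = map_profile(sample)
        print(mapped, missing, "allow" if login_allowed(missing) else "refuse")
```

A profile with an empty `Email` array still maps a usable ID, while a profile without `Uid` is refused outright.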
Test the Integration
You can test the setup by following the steps below:
- Navigate to the IDX of the SP App:
https://<sp-app-name>.hub.loginradius.com/
- Click on the OAuth provider icon you configured.
- You’ll be redirected to the LoginRadius IDP app for authentication.
- After a successful login, you'll be redirected to the SP IDX profile page, which will have an active session.
Best Practices
- Use dedicated OAuth credentials per environment (dev/stage/prod)
- Monitor login flow using the LoginRadius audit logs.
- Keep API secrets secure and rotate them periodically.
- Ensure both applications are using HTTPS in production.
- Validate user profiles after login using the UID to enforce authorization logic.