Assigning Identifier-First Authentication (IFA) to themes

Edit online

When your Identifier‑First Authentication (IFA) flow is published in flow designer, you must update the desired themes to customize the login experience to use it.

Before you begin

You must have administrative permission to complete this task.
Log in to the IBM® Verify administration console.
You must have a published IFA flow. For more information, see Configuring Identifier-First-Authentication (IFA).

About this task

Update your desired themes to customize the login experience by updating the following HTML page: template/authentication/login/identity sources/identity source selection/combined_login_selection.html.

The Verify branding feature supports modifying theme HTML files and allows inline JavaScript, so you can add a script that starts your IFA flow directly from the login page. Theme packages are updated by downloading the theme.zip, editing its files, and re‑uploading the .zip file through the branding API.

Procedure

Download your existing theme.

Themes can be updated either through the Verify UI or the branding API.

Use Verify UI

If you already have a theme that contains the IFA redirect script (updated through API or created by your developer team), you can assign it to your applications directly in the UI.
1. Navigate to User experience > Branding.
2. Click Create custom theme.
3. Click Download master template files, then extract the .zip file locally.
  These files include the login templates you will customize.
4. Add the JavaScript that starts your IFA flow.
  In the appropriate login template, add
```
<script>  window.location.href = "https://<tenant>/v1.0/flows/<flowID>/start"; </script>  
```
  .
5. Re‑zip the customized template files.
  
  Note: Keep the folder structure intact and zip the root directory.
6. Back in the window, click Upload file, and choose your .zip file.
7. Enter a theme name, and click Create theme.
Use the branding API
1. Request the theme package:
```
GET https://<tenant>/v1.0/branding/themes/<themeID>
```
  . Include a valid access token. The theme downloads as a .zip file containing all of the theme templates.
2. Extract the .zip file locally to view and edit the templates.
Inside the extracted folder, locate the login page template.
Path names vary by theme, but the login template is usually under:
```
/templates/authentication/login/cloud_directory/default/login.html
/templates/authentication/login/saml/default/login.html
/templates/authentication/login/oidc/default/login.html

 
```
Modify the login template to redirect users to your published IFA flow (using the trigger URL from Configuring Identifier-First Authentication).
In the login.html file, add inline <script> that redirects users to your published IFA flow URL.
For example:
```
<script>
  window.location.href = "https://<tenant>/v1.0/flows/<flowID>/start";
</script>

 
```
Re-zip the theme folder in its original layout.

Upload the updated theme using the branding API:

curl -X PUT 'https://<tenant>/v1.0/branding/themes/<themeID>' \
  --header 'Content-Type: multipart/form-data' \
  -F 'configuration=@themeConfiguration.json' \
  -F 'files=@updatedTheme.zip' \
  -H 'Authorization: Bearer <access_token>'

When the theme is uploaded:
1. Navigate to Applications > Applications in the administration tenant.
2. Open the application that should use the IFA flow.
3. Go to the Theme field in the application's settings.
4. Select the updated theme.
Test if your theme redirects into your IFA flow.
If it does not, double‑check the script placement and ensure the correct flow trigger URL was added.

Results

You have completed assigning Identifier-First Authentication (IFA) flow to themes.

What to do next

Configure the invitation workflow. See, Setting up an invitation workflow.