Adding a social identity provider

Add a social identity provider to enable users to sign in to applications that use their existing social accounts. Social login is a common form of authentication where the users' identities are verified against user information that is managed by social network providers or services. The user information is federated in Verify, which eliminates the need to manually create accounts in Verify. Most users prefer social login because they do not have to create new accounts to access a site, and it is typically easier for them to remember their social account credentials. The purpose of this option is to let users authenticate their log session, which depends on working in a browser window. It allows Verify to encrypt the log session of the user and generate an open session without

About this task

A social identity provider can be set up one time and it is used as a sign-in option for applications only. It cannot be used to sign in to the Verify Administrator Console or My Homepage.

Procedure

  1. Select Authentication > Identity providers. Select Add identity provider.
  2. Select one of the following social identity providers and select Next.
    • Apple
    • Baidu
    • Facebook
    • GitHub
    • Google
    • LinkedIn
    • QQ
    • Renren
    • WeChat
    • Weibo
    • X
    • Yahoo
  3. Specify the basic information.
    Table 1. Basic information
    Information Descriptions
    Name

    The name that you assign to represent the user registry that is used by identity providers such as Microsoft Active Directory, Microsoft Azure Active Directory, or others.

    If there is more than one identity provider that is configured and enabled, the identity provider name is displayed in the Verify Sign In page.

    This information is also displayed in the Directory > Users & Groups > Users tab, Add User dialog box, when you select an Identity Provider.

    Realm

    It is an identity provider attribute that helps distinguish users from multiple identity providers that have the same username.

    The realm value for each identity provider is as follows:
    • Apple, the realm value is www.apple.com.
    • Baidu, the realm value is www.baidu.com.
    • Facebook, the realm value is www.facebook.com.
    • GitHub, the realm value is www.github.com.
    • Google, the realm value is www.google.com.
    • LinkedIn, the realm value is www.linkedin.com.
    • QQ, the realm value is www.qq.com.
    • Renren, the realm value is www.renren.com.
    • WeChat, the realm value is www.wechat.com.
    • Weibo, the realm value is www.wiebo.com.
    • X, the realm value is www.twitter.com.
    • Yahoo, the realm value is www.yahoo.com.
    ID

    An ID is generated for the identity provider when you select Save.

    Enabled

    Indicates whether the identity provider is active and available.

    If turned Off, the identity provider is not configured as a sign-in option. The users cannot use the configured identity provider to sign in to the target application.

    If you select On in the Administration console, it is partially enabled. This setting does not automatically enable this source for all applications. You must select this source for the individual applications.

  4. In the To identity provider section, provide the social identity provider with certain data about your application. Then provide Verify with information about your application and add the OAuth 2.0 assertion grant type redirect URI on your Administration console.
  5. In the From identity provider section, provide the following information.
    1. Provide the Client ID or API key, and Client secret or App secret that you received when you registered your application with the identity provider.
      The terms might vary depending on your social identity provider.
    2. Optional: Add or remove scopes to control how the application is used.
      To add a scope, type it and press Enter or Return, whichever key your operating system uses to commit input in the Administration console.
      Note: Verify does not support scope customization with X.
  6. Select Next to continue the configuration or Back to review or change your tenant.
  7. Enable just-in-time provisioning.
    If the user account is not found in the primary identity provider, this option creates a shadow account in that primary realm.
  8. Enable Identity linking.
    Turns on identity linking for a specific identity provider. Shadow accounts are not created in Cloud Directory at the realm that was specified for this identity provider.
    Note:
    1. You cannot enable linking on the identity provider that is set as your default identity provider.
    2. You cannot disable or delete your default linking identity provider.
    3. Enabling identity linking automatically adds the Unique user identifier to the scopes.
  9. If you enabled identity linking, specify a unique user identifier.
    Select an attribute from the menu that acts as the identifier for the linked account.
  10. Select Done.
    The identity provider configuration opens in edit mode.
  11. Optional: If you enabled public preview CI-108233, under User invitations, select whether to enable user invitations.
    Invitations are created and sent by using POST /v1.0/usc/user/invitation? APIs. See Inviting users. Select the Enable user invitations check box to invite others to register as new users. You can also select a user profile for the user to enter more data as part of accepting the invitation. See Managing user profiles.
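
The following added example is a simplified model, not IBM Verify code or its API, of how the Enabled setting, the Realm attribute from step 3, and just-in-time provisioning from step 7 combine at sign-in. The class names, application names, and the choice to key shadow accounts by the identity provider's realm are assumptions made for illustration; identity linking is not modeled.

```python
# Simplified model (an assumption for illustration, not IBM Verify code) of how
# the Enabled, Realm and just-in-time provisioning settings interact at sign-in.
from dataclasses import dataclass, field


@dataclass
class IdentityProvider:
    name: str
    realm: str                  # e.g. "www.github.com" from the Realm table
    enabled: bool = True        # the global On/Off switch
    jit_provisioning: bool = False


@dataclass
class Directory:
    # Accounts are keyed by (realm, username), never by username alone.
    accounts: dict = field(default_factory=dict)
    # application name -> names of identity providers selected for it
    app_sources: dict = field(default_factory=dict)

    def sign_in(self, app: str, idp: IdentityProvider, username: str) -> str:
        # "On" is only partial enablement: the source must also be selected
        # for the individual application.
        if not idp.enabled or idp.name not in self.app_sources.get(app, set()):
            return "denied: identity provider not a sign-in option"
        key = (idp.realm, username)
        if key in self.accounts:
            return f"ok: existing account {username}@{idp.realm}"
        if idp.jit_provisioning:
            self.accounts[key] = {"shadow": True}
            return f"ok: shadow account created {username}@{idp.realm}"
        return "denied: no account and just-in-time provisioning is off"


def demo() -> list:
    github = IdentityProvider("GitHub", "www.github.com", jit_provisioning=True)
    google = IdentityProvider("Google", "www.google.com", jit_provisioning=False)
    d = Directory(app_sources={"payroll": {"GitHub", "Google"}, "wiki": {"Google"}})
    return [
        d.sign_in("payroll", github, "alice"),  # first sign-in, JIT on
        d.sign_in("payroll", google, "alice"),  # same username, other realm
        d.sign_in("wiki", github, "alice"),     # enabled but not selected for app
        d.sign_in("payroll", github, "alice"),  # shadow account now exists
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The second call is the one to watch: a Google user named alice does not inherit the account that was provisioned for the GitHub user named alice, because the realm is part of the lookup key.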