Identity broker
Users can log in through external identity providers (IDPs) using OAuth, OpenID Connect, or SAML. Examples of these federated logins include:
- Social IDPs (Apple, Facebook, Google)
- Government-issued IDs or wallets (eIDs)
- Enterprise IDPs (Microsoft Entra ID)
In such cases, the OneWelcome Identity Platform issues and signs the token as the main IDP.
User accounts are created in the identity store with the data received from the external IDP when a protected resource or application is requested.
For example, when a user logs in via an external IDP, the OneWelcome Identity Platform creates the user's account in the identity store just in time by using the information received from the IDP. If updates to the user's account are allowed, then each time the user logs in via the external IDP, their data in the identity store is updated.
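The just-in-time flow described above, as an added example that is not OneWelcome code: a minimal in-memory store that creates an account on first federated login and only overwrites attributes on later logins when updates are allowed. The `IdentityStore` class, the `allow_updates` flag, the attribute allowlist, and keying accounts on issuer plus subject are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Attributes the broker copies from the external IDP (assumed allowlist).
SYNCED_ATTRIBUTES = ("email", "given_name", "family_name")


@dataclass
class IdentityStore:
    """Hypothetical in-memory identity store keyed by (issuer, subject)."""
    allow_updates: bool = False
    accounts: dict = field(default_factory=dict)

    def login(self, claims: dict) -> tuple[str, dict]:
        """Handle one federated login; return (action, account)."""
        # Key on issuer + subject (assumption): an email asserted by one IDP
        # must not match an account created through a different IDP.
        try:
            key = (claims["iss"], claims["sub"])
        except KeyError as exc:
            raise ValueError(f"missing claim: {exc.args[0]}") from None
        # Copy only allowlisted attributes; anything else the IDP sends
        # (for example a "role" claim) is ignored.
        incoming = {k: claims[k] for k in SYNCED_ATTRIBUTES if k in claims}
        account = self.accounts.get(key)
        if account is None:
            # First login: create the account just in time.
            self.accounts[key] = account = dict(incoming)
            return "created", account
        changed = any(account.get(k) != v for k, v in incoming.items())
        if self.allow_updates and changed:
            # Later login with updates allowed: refresh the stored data.
            account.update(incoming)
            return "updated", account
        return "unchanged", account


# Constructed sample claims, assumed already validated by the broker.
FIRST = {"iss": "https://idp.example", "sub": "u-123",
         "email": "ana@example.com", "given_name": "Ana", "role": "admin"}
LATER = {**FIRST, "email": "ana.new@example.com"}
OTHER_IDP = {**FIRST, "iss": "https://other-idp.example"}

if __name__ == "__main__":
    for allow in (False, True):
        store = IdentityStore(allow_updates=allow)
        actions = [store.login(c)[0] for c in (FIRST, LATER, OTHER_IDP)]
        print(f"allow_updates={allow}: {actions}")
```

The same email arriving from a second issuer produces a separate account instead of merging into the first one.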