Integrating identity providers
An Identity Broker is an intermediary service connecting service providers with identity providers. The identity broker creates a relationship with an external identity provider to use the provider’s identities to access the internal services the service provider exposes.
From a user perspective, identity brokers provide a user-centric, centralized way to manage identities for security domains and realms. You can link an account with one or more identities from identity providers or create an account based on the identity information from them.
An identity provider derives from a specific protocol used to authenticate and send authentication and authorization information to users. It can be:
- A social provider such as Facebook, Google, or Twitter.
- A business partner whose users need to access your services.
- A cloud-based identity service you want to integrate.
Typically, SafeNet Access Exchange bases identity providers on the following protocols:
- SAML v2.0
- OpenID Connect v1.0
- OAuth v2.0
Default Identity Provider
SafeNet Access Exchange can redirect to an identity provider rather than displaying the login form. To enable this redirection:
Procedure
- Click Authentication in the menu.
- Click the Browser flow.
- Click the gear icon on the Identity Provider Redirector row.
- Set Default Identity Provider to the identity provider to which you want to redirect users.
General configuration
The foundations of the identity broker configuration are identity providers (IDPs). SafeNet Access Exchange creates identity providers for each realm and enables them for every application by default. Users from a realm can use any of the registered identity providers when signing in to an application.
Procedure
- Click Identity Providers in the menu.
- Select an identity provider. SafeNet Access Exchange displays the configuration page for the identity provider you selected.
- Add Facebook identity provider.
When you configure an identity provider, the identity provider appears on the SafeNet Access Exchange login page as an option. You can place custom icons on the login screen for each identity provider.