Connecting Identity Pool IDP

The Identity Pool IDP is a link between the Identity Pool and a specific workspace, allowing the users from a particular pool to log in to applications in the workspace where the IDP is registered.

Identity Pool IDP in a nutshell

The Identity Pool IDP is an ACP-native IDP that extends the Identity Pool user database of an ACP tenant with authentication and user registration functionality. Each Identity Pool IDP represents exactly one Identity Pool in the workspace; you cannot connect multiple IDPs in the same workspace to the same Identity Pool.

Prerequisites

  • The Identity Pools feature must be enabled in your tenant
  • Identity Pool must be created in your tenant

Connect Identity Pool IDP

Basic configuration

  1. In your workspace, go to Identity Data > Identity Providers > Create Identity.

  2. Under User Pools, select the Identity Pool (listed as a user pool) that this Identity Provider should represent.

  3. Give your IDP connection a name and click Save. The configuration form opens.

  4. Optionally, enable Authentication context caching.

    Tip

    You can enable the authentication context caching if you want ACP to store the user’s authentication data. If you do, specify the cache Time To Live as well. Learn more by reading Stateful authorization with ACP.

  5. Select Save.

    Result

    Your new IDP connection is created. Users from the connected Identity Pool can now log in to applications in this workspace through it.

Configure advanced settings

Advanced settings contain optional features which may be necessary to use in specific cases.

  1. From the Identity Data > Identity Providers > YOUR_IDENTITY > Configuration page, select Advanced settings at the bottom.

  2. In the Authentication Method Reference field, you can select an authentication method to be written into the amr (Authentication Methods References) claim returned by the IDP.

    The amr claim is created if it doesn’t exist. If it already exists, its values are replaced with the single selected item, so downstream policies that inspect amr see only the configured value, not the method the user actually used.

  3. Select Save.
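The following is an added example (not code from the ACP documentation or product) that models the documented override behaviour and shows the check a relying party would perform on the resulting claim. The token payloads are constructed for illustration; the method names (`pwd`, `otp`, `mfa`) are the RFC 8176 values, and it is an assumption that these are the values ACP offers in the selection list.

```python
"""Added example: model of the Authentication Method Reference override and
a relying-party check on the resulting amr claim. Not ACP code; the payloads
below are constructed for illustration."""
from typing import Optional


def apply_amr_override(claims: dict, selected: Optional[str]) -> dict:
    """Model the documented behaviour of the Advanced setting.

    If an authentication method is selected, the amr claim is created when
    absent and, when present, its existing values are replaced with a list
    holding only the selected item. With no selection the claims pass through
    untouched. The input dict is not modified.
    """
    out = dict(claims)
    if selected:
        out["amr"] = [selected]
    return out


def rp_policy_allows(claims: dict, required: set) -> bool:
    """Relying-party check: every required method must appear in amr.

    A missing or malformed amr (not a list) is treated as 'no methods
    asserted', which fails closed rather than open.
    """
    amr = claims.get("amr")
    if not isinstance(amr, list):
        return False
    return required.issubset(set(amr))


def demo() -> dict:
    """Walk through the cases a practitioner should be aware of.

    Returns a dict of outcomes so the behaviour can be asserted on.
    """
    # Constructed ID-token payloads (claims only; signature verification is
    # assumed to have happened before these dicts are inspected).
    no_amr = {"sub": "user-1", "iss": "https://example.invalid/idp"}
    otp_login = {"sub": "user-1", "iss": "https://example.invalid/idp", "amr": ["otp"]}

    # Case 1: claim absent -> override creates it.
    created = apply_amr_override(no_amr, "pwd")

    # Case 2: claim present -> override replaces the real method ("otp")
    # with the configured one ("pwd"); the original information is lost.
    replaced = apply_amr_override(otp_login, "pwd")

    # Case 3: no override configured -> real method survives.
    passthrough = apply_amr_override(otp_login, None)

    return {
        "created_amr": created["amr"],
        "replaced_amr": replaced["amr"],
        "passthrough_amr": passthrough["amr"],
        # An RP that requires OTP is satisfied only when the override does
        # not mask the actual method.
        "rp_otp_ok_without_override": rp_policy_allows(passthrough, {"otp"}),
        "rp_otp_ok_with_override": rp_policy_allows(replaced, {"otp"}),
        "rp_fails_closed_on_missing_amr": rp_policy_allows(no_amr, {"pwd"}),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the walk-through is the replacement semantics: once an override is configured, amr no longer tells the relying party which method the user actually completed, so any downstream rule that keys on amr (for example, requiring `otp`) must be reviewed together with this setting.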

Attributes and mapping

For the Identity Pool IDP, keep the predefined configuration for attributes and mapping; the attributes are already mapped from the underlying Identity Pool.

Test the IDP

  1. Open the user portal (to get the URL, go to Applications > Clients > User portal and copy the Redirect URL).

  2. Select your configured IDP. You have the following features at your disposal:

    • If you already have an active account, you can authenticate with your identifier (e-mail or phone) and the OTP or password (depending on which method is configured for the underlying Identity Pool).

    • You can register a new account if public registration is allowed by the underlying Identity Pool.

    • You can request OTPs or reset your password.