An identity provider (IdP) authenticates users into HelloID on behalf of another system. Active Directory is the most common IdP for HelloID, but other IdPs can also be used, such as Google G Suite or Microsoft Azure AD. If no IdPs are configured for HelloID, users can only authenticate as local user accounts. Most commonly, your IdP will also be the directory system from which you sync users to HelloID.
IMPORTANT: If you already configured Microsoft Active Directory in the previous article, Synchronize & manage Active Directory user accounts, you can likely skip this article. In that case, you only need to add IdPs if your synchronized AD users need to authenticate into HelloID via an IdP other than AD itself. If you're using an IdP other than Active Directory, however, you will need to follow the instructions below. You may also need to write a custom PowerShell task to synchronize your users to HelloID if the identity provider doesn't come with a built-in sync task, or if you need to sync users from a directory system other than the IdP.
Add an Identity Provider
- To show the configured identity providers, go to Security > Authentication > Identity providers.
- Select the Create Provider button.
- This will bring up the Identity Provider Catalog. From here, select the Add button for the IdP that best suits your organization's needs.
Specific instructions for each IdP are outside the scope of this article. Continue from here with detailed setup guides for specific IdPs, the IdP overview article, or the IdP configuration reference.
Control Access with Portal Access Rules
No matter which IdP you choose, you can control how it is offered to users and how it displays for them by setting up a portal access rule. These rules let you allow or block access to your HelloID portal based on a number of criteria. For an IdP specifically, you may want to hide or show it based on the network or physical location of the end user. For example, you may want to hide an IdP option from users who access your portal from outside of your organization's network. You can learn more about portal access rules here.