Connect external identity providers

When you set up 10Duke Enterprise to trust user authentication done by an external identity provider, you must define a connection for each identity provider on the External identity providers page in 10Duke SysAdmin.

If your client application authenticates directly with the identity provider, some of the connection settings are not needed.

For 10Duke Enterprise, the key requirements are that wherever the data on an authenticated user comes from, 10Duke Enterprise must know which identity provider authenticated the user, whether the identity provider is a trusted party, and how to interpret the user data received and map it to the user account details in 10Duke Enterprise. When communicating directly with the identity provider, 10Duke Enterprise must also know how to connect to it.

Supported protocols

10Duke Enterprise supports connecting to identity providers using the OpenID Connect (OIDC)/OAuth 2.0 and Security Assertion Markup Language (SAML) protocols.

We recommend using OIDC as it’s easier to implement.

User provisioning

In addition to user authentication, you can provision the authenticated users from the identity provider to 10Duke Enterprise and keep the user data in sync. You enable or disable user provisioning in each identity provider’s connection settings in SysAdmin.

By default, the minimum data that the external identity provider must provide on a user is the user’s first name, last name, and email address. If needed, contact the 10Duke Integration Support team.

You can also automatically add the users to an organization’s user groups and grant an organization’s roles to the user. You can choose if groups and roles are only added for the user when they first log in, or if their groups and roles are updated at every login.

If you don’t enable user provisioning, users must be created in 10Duke Enterprise in advance for authentication to work, and the user information will also be maintained in 10Duke Enterprise.

View connections to identity providers

To view currently defined connections and set up new ones, go to IDENTITY > External identity providers in the left sidebar.

See more