Identity federation

For happy customers

Enterprises are not isolated islands and often need to deal with external identities in customer- and partner-facing applications. The Connect2id server supports several pathways for accepting users who have signed in with approved external providers, a process called identity federation. How seamlessly this works is key to happy customers and to efficient relationships with business partners, so we recommend that you pay special attention to it.

What are the typical federation scenarios?

  • Social logins for consumer apps: Consumer applications can greatly benefit from accepting logins from Facebook, Twitter, Google and the like. Once the visitor is logged in with their preferred social networking site, the Connect2id server establishes a local identity for them, for use by all participating applications.

  • B2B integration: Partner and supplier-facing applications can also benefit from letting users sign in with their established workplace identity. The rationale is simple - streamline B2B interactions across your enterprise ecosystem.

Technology-agnostic federation

The Connect2id server can integrate user identities from any external provider that is trusted to a defined level. Standard as well as proprietary and legacy technologies are supported.

  • OpenID -- federate logins via OpenID Connect, as well as the legacy OpenID 1.0 and 2.0 protocols where an existing provider still requires them

  • OAuth 2.0 pseudo-authentication -- federate identities from providers that rely on a custom protocol for pseudo-authentication based on the OAuth 2.0 flows, where the user's identity is established by calling the provider's user info API with the obtained access token rather than by a signed identity assertion

  • SAML 2.0 bearer assertion -- use existing SAML Identity Provider (IdP) and Service Provider (SP) infrastructure to exchange SAML 2.0 assertions for OAuth 2.0 access tokens, following the assertion grant defined in RFC 7522

  • JWT bearer assertion -- use a JSON Web Token (JWT) issued by a third party (typically a recognised Security Token Service (STS)) to request OAuth 2.0 access tokens for protected resources managed by the Connect2id server, following the assertion grant defined in RFC 7523

  • Any other login method which produces a user ID -- the Connect2id server provides a special endpoint for integrating custom / legacy identity protocols in order to obtain a local ID and / or access token
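The two assertion grants above (SAML 2.0 bearer and JWT bearer) share one security-critical step: the token endpoint must fully validate the assertion before exchanging it for an access token, or any party that can produce a JWT becomes an identity provider. The following is an added, self-contained illustration of that step for the JWT bearer grant, written for this page and not code from the Connect2id server. It uses only the Python standard library and, for self-containment, assumes a hypothetical STS at https://sts.example.com signing with HS256 and a shared secret (a real STS would use an asymmetric key published as a JWK set). The token endpoint URL, the issuer, the secret and the token values are all constructed for the example.

```python
"""Added example: RFC 7523 JWT bearer assertion grant, STS side and token
endpoint side, with the checks a token endpoint must perform before issuing
an access token. Standard library only; HS256 shared secret assumed."""
import base64
import hashlib
import hmac
import json
import time

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"
TOKEN_ENDPOINT = "https://as.example.com/token"      # assumed; the required audience
# Constructed trust store: issuer -> HS256 secret. Hypothetical values.
TRUSTED_ISSUERS = {"https://sts.example.com": b"constructed-demo-secret-not-for-production"}
CLOCK_SKEW = 60            # seconds of tolerated clock drift
_seen_jti = set()          # replay cache; a real server uses a bounded, shared store


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64u(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_assertion(issuer, secret, subject, jti, now=None, lifetime=300, aud=TOKEN_ENDPOINT):
    """STS side: sign the claims RFC 7523 requires (iss, sub, aud, exp) plus iat and jti."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": subject, "aud": aud, "iat": now, "exp": now + lifetime, "jti": jti}
    signing_input = (_b64u(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64u(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64u(sig)


def validate_assertion(assertion, now=None):
    """Token endpoint side. Returns (subject, None) on success, (None, reason) on rejection.
    Order matters: pin the algorithm and resolve the key from a trusted issuer BEFORE
    trusting any claim, so an unsigned or foreign-signed JWT never influences the result."""
    now = int(time.time()) if now is None else now
    parts = assertion.split(".")
    if len(parts) != 3:
        return None, "malformed"
    try:
        header = json.loads(_unb64u(parts[0]))
        claims = json.loads(_unb64u(parts[1]))
        sig = _unb64u(parts[2])
    except ValueError:                      # covers binascii.Error and JSON errors
        return None, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None, "malformed"
    if header.get("alg") != "HS256":        # reject "none" and algorithm confusion
        return None, "unsupported alg"
    secret = TRUSTED_ISSUERS.get(claims.get("iss"))
    if secret is None:                      # key is chosen by issuer, never by the JWT
        return None, "untrusted issuer"
    expected = hmac.new(secret, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None, "bad signature"
    aud = claims.get("aud")
    if TOKEN_ENDPOINT not in (aud if isinstance(aud, list) else [aud]):
        return None, "audience mismatch"    # assertion was meant for another AS
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp + CLOCK_SKEW:
        return None, "expired"
    if "nbf" in claims and now + CLOCK_SKEW < claims["nbf"]:
        return None, "not yet valid"
    subject = claims.get("sub")
    if not subject:
        return None, "missing sub"
    jti = claims.get("jti")
    if not jti or jti in _seen_jti:         # a bearer assertion must not be replayable
        return None, "replayed or missing jti"
    _seen_jti.add(jti)
    return subject, None


def token_endpoint(form, now=None):
    """Minimal handling of the grant; returns an OAuth 2.0 style response dict.
    The access token value is a placeholder for what the AS would actually mint."""
    if form.get("grant_type") != JWT_BEARER:
        return {"error": "unsupported_grant_type"}
    subject, reason = validate_assertion(form.get("assertion", ""), now)
    if subject is None:
        return {"error": "invalid_grant", "error_description": reason}
    return {"access_token": "tok-for-" + subject, "token_type": "Bearer", "expires_in": 600}


if __name__ == "__main__":
    secret = TRUSTED_ISSUERS["https://sts.example.com"]
    assertion = mint_assertion("https://sts.example.com", secret, "alice", "jti-1")
    print(token_endpoint({"grant_type": JWT_BEARER, "assertion": assertion}))
    print(token_endpoint({"grant_type": JWT_BEARER, "assertion": assertion}))  # replay
```

The same checklist applies to the SAML 2.0 bearer grant, with the XML signature, Issuer, Audience/Conditions, NotOnOrAfter and assertion ID taking the place of the signature, iss, aud, exp and jti claims; in both cases the point is that the token endpoint only trusts the subject after the signature has been verified against a key selected from the configured issuer trust store.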