BYOI: Bring Your Own Identity with LoginRadius SSO Identity Providers
Use LoginRadius as a single identity provider, allowing a single sign-on to multiple applications.
Using LoginRadius as your identity provider, you can provide your customers with seamless one-click (single sign-on) access to a number of applications.
LoginRadius integrates your OAuth 2 client with LoginRadius. OAuth 2.0 (RFC 6749) is a set of standardized flows that allow you to use LoginRadius as an identity provider for your services. This setup allows customers to seamlessly log in to your application using a standard procedure.
In other words, you can set up customized login providers for your website, where customers can use an existing account to log in, rather than going through the process of setting up a new account on your web properties.
The Technology Behind It All
OAuth (Open Authentication) 2 is a framework that authorizes and enables applications to obtain limited access to a user’s accounts on an HTTP service such as Facebook, GitHub, or DigitalOcean.
OAuth authorizes third-party applications to access the user’s account by delegating user authentication to the service that hosts the user account. From an application developer’s point of view, a server’s API (in this case, LoginRadius) fulfills both the resource and authorization server roles (as the service provider and identity provider). There will be a simple use case a little later on to show this setup in action.
Why BYOI?
Many of your customers have an identity or account with an existing provider, and BYOI lets you provide a way for customers to use an account they already have, rather than creating a new one. By allowing your customers to log in with an existing set of credentials, you are making it simple and effortless for them to sign up for an account with you, increasing your overall conversion rate.
When you set up a custom identity provider, you are enhancing the customer experience by offering them more choice and convenience.
With a custom identity provider, you get the valuable first-party data that is being collected through the authentication source. This is essentially a win-win situation, where your customers can easily sign up and enjoy the benefits of having an account with you, and you can gather additional data that you would otherwise not have access to.
The possibilities are endless with the data gathered, but most importantly it will provide you with a deeper understanding of your audience. Tailor the messaging and online experience to provide an even better online experience for your customers.
BYOI means that you can set up your login and registration page with anything that provides credentials for your customers to log in to your website. A few examples of custom identity providers you can set up include:
- Spotify—if you have a music or podcast related service
- Slack—team collaboration service
- Doximity—a network of healthcare providers
- WeChat—lifestyle application
How Do Custom Identity Providers Work in Real Life?
BroadcastMed has been innovating digital strategies for healthcare providers and organizations for over 20 years. Being at the forefront of innovation in their industry, the team at BroadcastMed was looking for a way to improve their registration system for a better customer experience and partner connectivity while ensuring data security.
One of the key ways to improve customer experience was by implementing a single sign-on (SSO) solution across the BroadcastMed digital ecosystem. As their customer base consists of certified healthcare providers, they wanted a way to incorporate the verification of the healthcare providers directly on their login page.
This is where BYOI, the custom identity solution, comes in. The simplest way of achieving what they were looking for was to integrate login via Doximity on their authentication page. Doximity is a network for certified healthcare professionals where users can only join with a verified identification number.
With the Doximity login, customers are able to create an account and log in to access the wealth of educational content that BroadcastMed has to offer with a simple click of a button. No more long registration forms to fill out their professional details for verification purposes.
By adding Doximity as a login method, not only did BroadcastMed remove the hassle of filling out a detailed registration form for their customers, they also gained first-hand data about their customers’ professional backgrounds and areas of medical expertise. With this information readily available, they are able to suggest more relevant content for their users and provide a better, more personal, customer experience.
The Doximity login works similarly to a social login, where customers click on the Doximity button and are prompted to enter their Doximity credentials. The highlight here is that you can set up a custom provider to be anything you want, from the most common to unique and niche platforms.
How Does LoginRadius Work with Identity Providers?
LoginRadius uses OAuth 2.0 technology, which is the industry standard.
In most cases, LoginRadius acts both as a service provider (SP, receiving the credentials from a third party rather than authenticating) AND an identity provider (IDP, relaying the authentication and verification to the website).
Here’s what happens:
- LoginRadius, as the SP, receives the customer’s request to log in with the third-party provider.
- The third-party provider then sends the identity authentication details to LoginRadius with the approval to authorize the customer.
- LoginRadius receives the identity and authorization from the third-party provider to log the customer in.
- LoginRadius, now acting as the IDP, sends this identity information to the website to enable it to authenticate the customer.
- The customer is logged in with existing credentials from a third-party application.
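The five steps above, as an added in-memory sketch (not LoginRadius code or its API): a broker that is an OAuth 2.0 client toward the third-party provider and an authorization server toward the website, with a separate `state` value and a single-use, redirect-bound code on each leg. The class names, the `broker.example` and `site.example` URLs and the user value are hypothetical; only the `code`, `state` and `redirect_uri` parameters come from RFC 6749.

```python
import secrets

class ThirdPartyProvider:
    """Stand-in for the external provider (step 2 of the list above)."""
    def __init__(self):
        self.codes = {}  # code -> (user, redirect_uri it was issued for)

    def authorize(self, user, redirect_uri, state):
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, redirect_uri)
        return {"code": code, "state": state}  # RFC 6749 authorization response

    def token(self, code, redirect_uri):
        user, bound = self.codes.pop(code, (None, None))  # codes are single-use
        if user is None or bound != redirect_uri:
            raise PermissionError("invalid or replayed code")
        return {"sub": user}

class Broker(ThirdPartyProvider):
    """SP toward the provider, IdP toward the website (hypothetical class)."""
    CALLBACK = "https://broker.example/callback"  # placeholder URL

    def __init__(self, upstream):
        super().__init__()
        self.upstream = upstream
        self.pending = {}  # upstream state -> (site redirect_uri, site state)

    def start_login(self, site_redirect, site_state):
        up_state = secrets.token_urlsafe(16)  # fresh state for the upstream leg
        self.pending[up_state] = (site_redirect, site_state)
        return {"redirect_uri": self.CALLBACK, "state": up_state}

    def callback(self, code, state):
        if state not in self.pending:  # response not tied to a login we started
            raise PermissionError("unknown state")
        site_redirect, site_state = self.pending.pop(state)
        identity = self.upstream.token(code, self.CALLBACK)
        # Now acting as IdP: issue our own code, bound to the site's redirect_uri.
        return self.authorize(identity["sub"], site_redirect, site_state)

def run_flow(user="constructed-user"):
    provider = ThirdPartyProvider()
    broker = Broker(provider)
    site_redirect, site_state = "https://site.example/cb", secrets.token_urlsafe(16)
    req = broker.start_login(site_redirect, site_state)
    resp = provider.authorize(user, req["redirect_uri"], req["state"])
    back = broker.callback(resp["code"], resp["state"])
    if back["state"] != site_state:  # the website checks its own state
        raise PermissionError("state mismatch at website")
    return broker.token(back["code"], site_redirect), broker, resp
```

Because the broker consumes its pending `state` entry and the provider consumes the code, replaying the provider's response to the broker's callback is rejected rather than producing a second login.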
With the custom identity provider solution from LoginRadius, the possibilities are endless in how you can set up your login flows to best serve the needs of your customers and meet your business goals. LoginRadius can integrate with any provider, so you can give your customers convenience and choice while having an optimized back-end infrastructure to ensure an automated and streamlined SSO flow between systems.
*** This is a Security Bloggers Network syndicated blog from LoginRadius authored by Alice Liang. Read the original post at: https://www.loginradius.com/blog/2019/05/sso-identity-providers/