PingAM Auth node reference

Select Identity Provider node

The Select Identity Provider node presents an end user with a list of configured, enabled, social identity providers to use for authentication.

Use this node with the Social Provider Handler node to use the Social Identity Provider Service.

Ping Identity Platform deployments only

You can configure this node to show only the identity providers the user has already associated with their account. This is useful, for example, in account claiming flows, where a user wants to associate a new social identity provider with an account that’s being authenticated through social authentication.

In cases such as account claiming, where the user has already authenticated once and is linking a new identity provider, the node only displays a local sign-in option if it detects that the user’s account has a password attribute.

Availability

Product Available?

PingOne Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

Configuration

Property Usage

Include local authentication

Whether local authentication is included as a method for authenticating.

Offer only existing providers

Ping Identity Platform deployments only.

Enable this when the social identity provider choices offered should be limited to those already associated with a user object. Use this when a user is authenticating using a new social identity provider, and an account associated with that user already exists (also known as "account claiming").

Password attribute

Ping Identity Platform deployments only.

The attribute in the user object that stores a user’s password for use during local authentication.

Identity Attribute

Ping Identity Platform deployments only.

The attribute used to identify an existing user. Required to support the offer of only existing providers.

Filter Enabled Providers

By default, the node displays all identity providers marked as Enabled in the Social Identity Provider Service as a selectable option. Specify the name of one of more providers to filter the list.

View the names of your configured social identity providers in AM admin UI under Realms > Realm name > Services > Social Identity Provider Service > Secondary Configurations.

If this field is not empty, providers must be in the list and must be enabled in the Social Identity Provider service to appear. If left blank, the node displays all enabled providers.

Outputs

The node writes the selected social identity provider to the shared state in the SELECTED_IDP key.

Callbacks

The node sends a SelectIdPCallback to display the list of social identity providers to the end user. This callback is sent only if there’s more than one provider configured, or if a single provider is configured and Local Authentication is enabled.

Learn more in SelectIdPCallback.

Outcomes

The node has two possible outcomes:

  • Social Authentication

  • Local Authentication

To turn off local authentication, deselect Include local authentication in the node configuration.

Errors

This node doesn’t log any error or warning messages of its own.