Assign a specific Identity Provider to a Web Portal URL

If your Identity Director environment uses:

it can be useful to assign a specific Identity Broker Identity Provider to each of those URLs.

This setup enables you to authenticate (for example):

  • users from group 'A' against ADFS 'A', by letting them access the Web Portal at https://portal-A.example.com/
  • users from group 'B' against Active Directory 'B', by letting them access the same Web Portal at https://portal-B.example.com/

The link to the Web Portal in the Windows Client will always connect to the default Web Portal URL.

Configuration

  1. Install the Identity Director Web Portal and Identity Broker.
  2. In the Identity Director Management Portal at Setup > General:
    • Create the Web Portal URLs that you need.
      For now, fill in only the Host Names and the Redirection URLs, using identical values.
      Example:
      For Web Portal URL 'A' from the example above, Host Name and Redirection URL should be https://portal-A.example.com/
    • Save your changes.
  3. In the Identity Broker Management Portal at Identity Consumers:
    • Verify that a consumer exists for the Identity Director Web Portal.
      If it does not exist, create it.
    • For this Identity Consumer, for each of the Web Portal URLs you created at step 2, create a Redirect URI with an identical value.
      By default, the corresponding Post Logout Redirect URI will be filled with the same value as its Redirect URI. Leave this for now; you can change it later if you wish.
    • Save your changes.
  4. In the Identity Broker Management Portal at Identity Providers:
    • Verify that the desired providers exist.
      If they do not exist, create them.
    • Verify that the Names of the Identity Providers DO NOT contain spaces.

      At the time of writing, the Names of Identity Providers that are created automatically by the Identity Director installer unfortunately DO contain spaces.
      Please rename these providers if you want to assign them to a Web Portal URL.

    • Save your changes.
  5. In the Identity Director Management Portal at Setup > General:
    • Click the edit button for the Web Portal URL.
    • For each of the URLs you created in step 2, at Provider specify the name of the desired Identity Provider in the format idp:<providerName>.
      Example:
      If the Name of the Identity Provider in the Identity Broker Management Portal is ADAuthA,
      then the Provider for the Web Portal URL in the Identity Director Management Portal should be idp:ADAuthA
    • Save your changes.
  6. Configure Identity Broker authentication for the Web Portal.
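
A pre-flight check for the values entered in steps 2 through 5, as an added example that is not part of the original documentation or of Identity Director. The function name, the plan structure and the sample values are constructed, and "identical" is assumed to mean exact string equality, including case and the trailing slash.

```python
def check_plan(portal_urls, redirect_uris, provider_names):
    """Return a list of problems; an empty list means the plan is consistent.

    portal_urls:    {Web Portal URL: Provider field} as typed at Setup > General
    redirect_uris:  Redirect URIs on the Web Portal's Identity Consumer
    provider_names: Identity Provider Names in the Identity Broker
    """
    problems = []
    for url, provider in portal_urls.items():
        # Step 3: each Web Portal URL needs a Redirect URI with an identical value.
        if url not in redirect_uris:
            near = [r for r in redirect_uris
                    if r.rstrip("/").lower() == url.rstrip("/").lower()]
            hint = f" (near match: {near[0]!r})" if near else ""
            problems.append(f"{url}: no identical Redirect URI{hint}")
        # Step 5: the Provider field has the form idp:<providerName>.
        prefix, sep, idp = provider.partition(":")
        if prefix != "idp" or not sep or not idp:
            problems.append(f"{url}: Provider {provider!r} is not idp:<providerName>")
        # Step 4: an assigned provider Name must not contain spaces.
        elif any(ch.isspace() for ch in idp):
            problems.append(f"{url}: provider Name {idp!r} contains spaces; rename it")
        elif idp not in provider_names:
            problems.append(f"{url}: no Identity Provider named {idp!r}")
    return problems


# Constructed sample plan, typed by hand; nothing is read from the product.
SAMPLE_PROVIDERS = ["ADAuthA", "ADFS A"]
SAMPLE_REDIRECT_URIS = [
    "https://portal-A.example.com/",
    "https://portal-b.example.com",   # differs in case and trailing slash
]
SAMPLE_PORTAL_URLS = {
    "https://portal-A.example.com/": "idp:ADAuthA",
    "https://portal-B.example.com/": "idp:ADFS A",
}

if __name__ == "__main__":
    for line in check_plan(SAMPLE_PORTAL_URLS, SAMPLE_REDIRECT_URIS, SAMPLE_PROVIDERS):
        print(line)
```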