This page describes how to configure your identity provider in order to change the authentication workflow for the users of your environments.
To log into the mediarithmics platform, you have two options. By default, authentication is done by entering your email and password, and all of the account details are managed by our system. It is also possible to connect to the mediarithmics applications with your own identity provider.
In both cases, you first need to create the user in the mediarithmics platform before any connection. This is a security measure to make sure that only restricted users get access to our tools, even if you use your own identity provider to log in. To create a user, see instructions here.
The feature is in alpha. If you have any trouble setting up your identity provider to work with our platform, please contact the support team.

Declare an identity provider

Identity providers are created at community level. They can be activated on any sub-organisation of the community. If you need more information about communities and organisations, please read our user guide page.
Creating an identity provider
Once your identity provider is created, please finish the process with the following API call:
Configure an identity provider
It is also possible to update information about your identity provider such as the description.
Update an identity provider

Authorize the mediarithmics platform as an application in your identity provider system

You need to authorize the mediarithmics application in your identity provider system. To do so, you may need some information like our redirectURL or the identityId.
Get information from an identity provider

Associate the identity provider with an organisation

When the identity provider is configured, it will be ready to be used. You will be able to associate it with an organisation and all your users created in this organisation will be redirected to your identity provider during their authentication flow.
Associate an identity provider with an organisation
Currently, you need to associate your identity provider with organisations one by one. There isn't any inheritance relationship with other organisations.
It's possible to create multiple identity providers and associate them with different organisations, but an organisation can have only one identity provider associated with it.


If we get the following community and organisation structure:
Community_A
|- Organisation_B
|- Organisation_C
We declare a new Identity_Provider_1 in Community_A and we want to use it, but only for users created in Community_A, so we use the association route.
This way, only users created directly at the community level are redirected to Identity_Provider_1. An Organisation_B user still uses the default authentication process with email and password.
Now we declare another identity provider, Identity_Provider_2, for users in Organisation_C. We still need to create it at the community level, but it is only after the association that users from Organisation_C are routed to the identity provider upon login.
With our configuration we get users from:
Community_A log in with Identity_Provider_1
|- Organisation_B log in with the default email-password process
|- Organisation_C log in with Identity_Provider_2
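The association rules above (community-level declaration, no inheritance, one identity provider per organisation, deletion only without associations) can be checked with a short audit script. This is an added example, not mediarithmics code: the function audit_sso and the data layout are hypothetical, and the sample data is constructed from the structure described on this page.

```python
# Added example: audits identity-provider coverage under the rules on this page.
# The input layout is constructed for illustration, not an API response format.
from collections import defaultdict

DEFAULT_AUTH = "email-password"

def audit_sso(org_tree, declared_idps, associations):
    """org_tree: {community: [sub-organisations]}
    declared_idps: {identity provider: community it was declared in}
    associations: list of (identity provider, organisation) pairs
    Returns (login method per organisation, findings, deletable providers)."""
    community_of = {}
    for community, subs in org_tree.items():
        community_of[community] = community
        for sub in subs:
            community_of[sub] = community

    per_org, findings = defaultdict(list), []
    for idp, org in associations:
        if org not in community_of:
            findings.append(f"{idp}: associated with unknown organisation {org}")
        elif declared_idps.get(idp) != community_of[org]:
            findings.append(f"{idp}: not declared in the community of {org}")
        else:
            per_org[org].append(idp)

    login = {}
    for org in community_of:
        idps = per_org.get(org, [])
        if len(idps) > 1:
            findings.append(f"{org}: more than one identity provider")
            login[org] = "invalid"
        elif idps:
            login[org] = idps[0]
        else:
            # No inheritance: without its own association an organisation
            # keeps the default flow, whatever its community uses.
            login[org] = DEFAULT_AUTH
            findings.append(f"{org}: no association, users log in with {DEFAULT_AUTH}")

    in_use = {idp for idps in per_org.values() for idp in idps}
    # Only providers without any association can be deleted.
    deletable = sorted(idp for idp in declared_idps if idp not in in_use)
    return login, findings, deletable

# Constructed sample matching the structure described above.
TREE = {"Community_A": ["Organisation_B", "Organisation_C"]}
IDPS = {"Identity_Provider_1": "Community_A", "Identity_Provider_2": "Community_A"}
ASSOC = [("Identity_Provider_1", "Community_A"), ("Identity_Provider_2", "Organisation_C")]

if __name__ == "__main__":
    print(audit_sso(TREE, IDPS, ASSOC))
```

The finding reported for Organisation_B is the one to review after any rollout: because associations are not inherited, a sub-organisation left without one keeps password login even when its community uses an identity provider.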

Remove an identity provider

You can only remove an identity provider if it's not associated with any organisation, so first you need to remove any existing association.
Remove an association between an identity provider and an organisation
Once no association with the identity provider remains, you can remove it.
Delete an identity provider