logo logo
7.1.0
  • 7.3.0
  • 7.2.0
  • 7.1.0
  • 7.0.0
  • 6.1.0
  • 6.0.0
  • Show all
Initializing search
    • Home
      • Introduction
      • Quick Setup
          • Quickstart
          • Complete Guide
          • Quickstart
          • Complete Guide
          • Quickstart
          • Complete Guide
          • Quickstart
          • Complete Guide (Redirect)
          • Complete Guide (App-Native)
          • Quickstart
          • Complete Guide
        • .NET Guide
        • Spring Boot Quickstart
      • Try for a sample app
          • React
          • JavaScript
          • OIDC Java EE
          • SAML Java EE
          • WS-Federation
      • Subscribe to AI features
      • About this release
    • Guides
      • Applications
        • Register an SPA
        • Register web app with OIDC
        • Register web app with SAML
        • Register a standard-based app
        • Register a mobile app
        • Register a machine-to-machine (M2M) app
        • Register a FAPI-compliant app
      • Authentication
          • Add login to apps
          • Add login to an SPA
          • Add login to a web app
          • Add login to a mobile app
        • Add login to SaaS apps
          • Google Workspace
          • Salesforce
          • Microsoft 365
          • Zoom
          • Slack
        • Add passwordless login
          • Add login with Magic link
            • Add login with Passkey
            • Validate FIDO attestations
          • Add login with Email OTP
          • Add login with SMS OTP
          • Add login with Push Notification
        • Add multi-factor authentication
          • Add TOTP
          • Add Email OTP
          • Add Passkey
          • Add SMS OTP
          • Add Push Notification
          • Add user-preferred MFA
          • Add x509 login
        • Add federated login
          • Add social login
            • Add Facebook login
            • Add Google login
            • Add GitHub login
            • Add Microsoft login
            • Add Apple login
            • Add X login
          • Add standard-based login
            • Add login with OIDC IdP
            • Add login with SAML IdP
            • Add login with WS-Federation
            • Add IWA login
            • Add Microsoft 365 login
            • Add AD FS login
          • Configure a custom connector
        • Enable user attributes
          • Enable attributes for OIDC apps
          • Enable attributes for SAML apps
        • Manage consent for user attributes
        • Configure Just-in-Time user provisioning
        • Add conditional authentication
          • Set up conditional authentication
            • Add access control
            • Age-based access
            • Concurrent session-based access
            • Add adaptive MFA
            • MFA based on user role
              • Overview
              • Configure ACR-based adaptive authentication
            • MFA based on user store
            • MFA based on login-attempts
            • MFA based on user group
            • MFA based on user device
            • MFA based on IP address
            • MFA based on ELK-risk
            • MFA based on TypingDNA
          • Add passkey progressive enrollment
          • Add push notification device progressive enrollment
          • Add on-demand silent password migration
          • Write a custom authentication script
        • Configure multi-attribute login
        • App-native authentication
          • Add app-native authentication
          • Secure app-native authentication flows
          • Handle advanced login scenarios
        • Login Flow AI
        • Configure OIDC flows
          • Discover OIDC endpoints
          • Dynamic Client Registration (DCR)
            • Authorization code flow
            • Authorization code flow and PKCE
            • Hybrid flow
            • Device authorization flow
            • Pushed Authorization Requests (PAR)
            • JWT Secured Authorization Response Mode (JARM) for OAuth 2.0
            • JWT Bearer Grant
            • Private key JWT
            • Validate tokens at a resource server
            • Validate JWT with JWKS
            • Validate ID tokens
              • Encrypt and decrypt ID tokens
              • ID token encryption reference
            • Request user information
            • Revoke tokens
            • Configure token exchange
              • Front-channel logout
              • Back-channel logout
              • Federated IdP-initiated logout
        • Configure SAML flows
          • Discover SAML endpoints and settings
          • SAML artifact binding
          • Implement SAML federated IdP-initiated SSO
          • SAML back-channel logout
      • Authorization
          • Role-based access control
        • User Impersonation
        • Rich Authorization Requests
      • Identity Verification
        • Configure an Identity Verification Provider
      • User management
        • Manage administrators
        • Manage users
        • Manage groups
        • Manage roles
        • Manage active sessions
          • Inbound provisioning
          • Outbound provisioning
            • Set up outbound provisioning
            • Role-based provisioning
              • Google
              • Salesforce
              • SCIM2
              • Custom Outbound Connector
            • Provisioning patterns
          • Overview
          • Hubspot
          • Salesforce
          • Pipedrive CRM
          • Sendgrid
          • Zoho CRM
        • Manage attributes and mappings
            • Manage attributes
            • Configure attributes
          • OIDC attribute mappings
          • OIDC scopes
          • SCIM2 attribute mappings
          • Configure email address as the username
          • Configure unique attributes
          • Configure multi-valued contact attributes
            • Configure settings
              • Email address update verification
              • Mobile number update verification
        • Manage user stores
          • Configure the primary user store
            • Configure a JDBC user store
            • Configure a read-only LDAP user store
            • Configure a read-write Active Directory user store
            • Configure a read-write LDAP user store
          • Configure secondary user stores
          • User store properties
            • Properties used in JDBC user store manager
            • Properties used in read-only LDAP user store manager
            • Properties used in read-Write Active Directory user store manager
            • Properties used in read-write LDAP user store manager
          • Configure user stores for SCIM 2.0
          • Configure Active Directory user stores for SCIM 2.0
        • Migrate users to WSO2 Identity Server
          • Migrate user accounts
          • Migrate user passwords
      • Account configurations
          • Password validation
          • Login attempts
          • Bot detection
          • Session management
          • Self registration
          • Invite user to set password
          • Password recovery
          • Username recovery
          • Admin Initiated Password Reset
        • Notification settings
        • Account disabling
      • User self-service
          • Access the My Account portal
          • Configure the My Account portal
            • Update profile information
            • Change password
            • Manage linked social accounts
            • Export profile information
            • Manage consents
            • Manage login sessions
            • Self-register
            • Account confirmation for self-register
            • Register passkeys
            • Register Push Notification Device
            • Password recovery
            • Username recovery
            • Enroll TOTP
            • Manage backup codes
            • Discover applications
        • Build self-service capabilities
      • Organizations
          • Overview
        • Set up organizations
          • Set up administration portal
          • Onboard administrators
            • Sales-led approach
            • Self-service approach
          • Share applications
          • Create organization applications
          • Manage conflicts in organizations
          • Overview
          • Authorize applications to API resources
          • Configure roles to consume authorized APIs
          • Generate tokens for organization applications
          • Onboard users
          • Share users
          • Organization settings
            • UI branding
            • Email and SMS templates
          • Organization discovery
          • Email domain-based organization discovery
          • Disable or delete an organization
          • Clean up deleted organization resources
        • Try a B2B use case
        • Customize branding
          • Configure UI branding
          • Branding AI
          • Customize layouts
          • Customize email templates
          • Customize SMS templates
          • Localization support
          • Understanding service extensions
            • Custom authentication
            • Setting up an action
            • Pre issue access token action
            • Pre issue id token action
            • Pre update password action
        • ELK Analytics
          • Access analytics
          • Analyze login attempts
          • Analyze active sessions
          • ELK Alerts
        • Web analytic solutions
        • A/B Testing
        • OpenSearch
      • Your WSO2 Identity Server
        • Manage Console access
        • Self-service
        • Recover your password
        • Recover your username
        • Recover super admin account
      • Multitenancy
        • Manage Root Organizations (Tenants)
        • Tenant loading policy
        • Install
        • Run
        • Get WSO2 updates
        • User Stores
          • Add high availability for LDAP
          • Secure a JDBC user store with PBKDF2 hashing
          • Configure the Authorization Manager
          • Configure the System Administrator
        • Databases
          • Change the Carbon Database
            • Change to IBM DB2
            • Change to MariaDB
            • Change to MSSQL
            • Change to MySQL
            • Change to Oracle
            • Change to Oracle RAC
            • Change to PostgreSQL
            • Change to remote H2
            • Change the Default Datasource for Consent Management
            • Change the Default Datasource for Session Data
            • Change the Default Datasources for the Registry Data
            • Registry Related Tables
            • User Management Related Tables
            • Identity Related Tables
            • Service Provider Related Tables
            • Identity Provider Related Tables
          • Data Purging
          • Remove References to Deleted User Identities
        • Session persistence
        • Cross-Origin Resource Sharing (CORS)
        • Custom Header Filter
        • Clock tolerance
        • Cookie consent banner
        • Email sending module
          • Cross Site Request Forgery attacks
          • Authorization Code Interception attacks
          • Brute Force attacks
          • Replay attacks
          • SameSite attribute support
          • Prevent browser caching
          • Add logs for tokens
          • Token persistence
          • Remove unused tokens from the database
          • Enable assertions in access tokens
          • Generate JWT tokens without revoking existing tokens
        • Enable hostname verification
          • Configure TLS
          • Configure TLS termination
          • Configure post-quantum TLS
        • Maintain logins and passwords
        • Configure Admin Advisory Banner
          • Encrypt passwords with Cipher Tool
          • Resolve encrypted passwords
          • Customize secure vault
          • Set passwords using environment variables/system properties
        • Enable HTTP Strict Transport Security (HSTS) headers
        • Enable Java Security Manager
        • Enable Mutual SSL
        • Enable FIPS 140-2-compliant mode
        • Security guidelines
          • Product-level
          • OS-level
          • Network-level
          • Symmetric encryption
          • Asymmetric encryption
          • Keystores
            • Create new keystores
            • Manage keystores
            • Manage CA-Signed certificates in a keystore
          • Deployment Patterns
          • Deployment Checklist
          • Product Compatibility
          • Change the Hostname
          • Restrict public access to management operations
          • Promote Configurations Across Environments
          • WSO2 Clusters with Nginx
          • Databases for Clustering
          • Configure Hazelcast
          • Kubernetes
          • OpenShift
          • Performance Tuning Recommendations
          • Configure Cache Layers
          • Understanding Disaster Recovery
          • Deployment Patterns
          • Additional Reading
          • Backup and Recovery Recommendations
          • Troubleshoot in Production Environments
      • Compliance
        • GDPR
        • CCPA
        • FIPS
        • FAPI
        • Accessibility compliance
        • Configure ELK analytics
        • Configure SSO with ELK analytics
        • Configure ELK alerts
        • Configure ELK analytics for adaptive authentication
      • Monitor
          • Overview
          • HTTP access logs
          • OAuth transaction logs
          • Remote log publishing
            • Overview
            • Log masking with Filebeat
            • Log masking with Log4j
          • Log claims in audit logs
        • Monitor server health
        • JMX-Based Monitoring
        • Work with product observability
      • Upgrade WSO2 Identity Server
    • SDKs
        • Overview
            • <AsgardeoProvider />
              • <SignInButton />
              • <SignOutButton />
              • <SignUpButton />
              • <SignedIn />
              • <SignedOut />
              • <Loading />
              • <UserDropdown />
              • <UserProfile />
              • <User />
              • <CreateOrganization />
              • <OrganizationProfile />
              • <OrganizationSwitcher />
              • <OrganizationList />
              • <Organization />
              • <OrganizationContext />
            • useAsgardeo()
          • Accessing Protected APIs
          • Protecting Routes
        • Overview
            • <AsgardeoProvider />
            • asgardeoMiddleware()
              • <SignInButton />
              • <SignOutButton />
              • <SignUpButton />
              • <SignedIn />
              • <SignedOut />
              • <Loading />
              • <SignIn />
              • <UserDropdown />
              • <UserProfile />
              • <User />
              • <CreateOrganization />
              • <OrganizationProfile />
              • <OrganizationSwitcher />
              • <OrganizationList />
              • <Organization />
            • useAsgardeo()
          • Accessing Protected APIs
          • Protecting Routes
    • Connectors
        • Overview
        • Set up
        • Usage
        • Reference
        • Overview
        • Set up
        • Usage
        • Reference
        • Try it
    • APIs
        • Admin advisory management API
        • Tenant management API
        • Action Management API
        • API resource management
          • Application management API
            • Authorized apps API V1
            • Authorized apps API V2
          • OAuth 2.0 scope management API
          • OpenID Connect scope management API
          • OIDC Dynamic Client Registration API
          • Script Library management API
        • App-native authentication API
        • Authentication Data API
        • Authenticators API
        • Certificate Validation Management API
        • Branding Preferences API
        • Claim management API
          • Email templates v1 API
          • Email templates v2 API
        • Extension management API
        • Identity provider API
        • Identity verification provider API
        • Idle accounts identification API
        • IdP session extension API
          • Notification sender configurations
          • Notification sender API
        • Notification Templates Management API
        • Organization discovery API
        • Organization discovery configuration management API
        • Organization management API
          • Roles v2 API
          • Roles v1 API (deprecated)
        • Rule Metadata API
            • Configuration management API
            • Retrieve Tenant Resources Based on Search Parameters
            • Identity Governance API introduction
            • Identity governance API
          • Keystore management API
          • User store management API
          • CORS API
            • Overview
            • Consent management API
        • Session management API
        • Server configuration API
        • User Functionality management API
          • SCIM 2.0 API
            • SCIM 2.0 Users API
            • SCIM 2.0 Groups API
            • SCIM 2.0 Patch operations
            • SCIM 2.0 Bulk API
            • SCIM 2.0 Batch operations
            • SCIM 2.0 Resource types API
            • SCIM 2.0 Service provider configuration API
            • Account recovery v0.9 API
            • Account recovery v1 API (deprecated)
            • Account recovery v2 API
          • Offline user onboard management API
          • Self Sign-Up API
          • User Account Association API
          • Identity verification API
        • User sharing management API
        • Validation rules API
      • Organization APIs
        • Get access for organization APIs
        • API resource management API
          • Application management API (Shared Applications)
          • Application management API
        • Authenticators API
        • Certificate Validation Management API
        • Branding management API
        • Claim management API
          • Email templates v1 API
          • Email templates v2 API
        • Identity provider management API
        • Identity recovery API
        • Idle accounts identification API
        • Invite parent organization's users API
        • Notification sender API
        • Notification Templates Management API
        • Offline user onboard management API
        • Organization discovery API
        • Organization management API
        • SCIM 2.0 Bulk API
        • SCIM 2.0 Group management API
        • SCIM 2.0 Role management API
        • User management
          • SCIM 2.0 Users API
          • SCIM 2.0 Groups API
          • SCIM 2.0 Bulk API
          • User Account Association API
        • User sharing management API
        • User store management API
        • FIDO API
        • Organization Me API
        • Session management API
        • SCIM 2.0 Me API
        • TOTP API
        • Push Notification Device API
        • User account association API
        • User discoverable application API
        • Identity Verification
    • References
      • Feature deprecation
        • User roles
        • Track user deletion
        • Self registration confirmation
      • App configurations
        • OIDC configurations
        • SAML configurations
        • WS-Federation configurations
      • IdP configurations
        • OIDC configurations
        • SAML configurations
        • Conditional auth - API
      • Authorization policies for apps
        • Email templates
        • SMS templates
            • API contract to implement
            • API contract to implement
            • Sample success responses
            • API v1.0 contract to implement
            • Sample success responses
            • API contract to implement
      • Architecture
      • IS extensions
            • Write a custom OAuth2 grant type
            • Configure a custom token issuer
            • Write custom functions for conditional authentication
          • Write a custom local authenticator
          • Write a post-authentication handler
          • Write a custom federated authenticator
          • SCIM2 Custom User Schema Support
          • Write a custom event handler
          • Write a custom user store manager
      • Default ports
      • Troubleshoot
        • Error catalog
        • API error catalog
        • App-native error catalog
        • Verifiable credentials with Microsoft Entra Verified ID
        • Verifiable credentials with MATTR
        • Send notifications through an external scheduled task
        • Configure Choreo for silent password migration
        • Build your own push authenticator app
        • Use WSO2 Identity Server with identity gateways
          • OAuth2 Proxy
          • Oathkeeper
          • Mod Auth OpenIDC
        • OAuth2 grant types
        • OAuth2 Pushed Authorization Requests
        • Token binding
          • Client-request
        • Token hashing
          • FAPI 1.0 Advanced
          • FAPI 2.0
        • App-native authentication
        • OIDC session management
        • Push Notification based authentication
        • Introduction 4 mins
        • Prerequisite 2 mins
        • Pre-Issue Access Token Action Use Case 4 mins
        • Configure Pre-Issue Access Token Action with Choreo 5 mins
        • Configure Pre-Issue Access Token Action with Vercel 5 mins
        • Configure Pre-Issue Access Token Action with AWS Lambda 5 mins
        • Pre-Update Password Action Use Case 4 mins
        • Configure Pre-Update Password Action with Choreo 5 mins
        • Configure Pre-Update Password Action with Vercel 5 mins
        • Configure Pre-Update Password Action with AWS Lambda 5 mins
        • Introduction 2 mins
        • Prerequisite 30 secs
        • Configure an application 2 min
        • Create a React app 2 min
        • Configure Asgardeo SDK 2 min
        • Add login and logout 2 min
        • Display user details 2 min
        • Securing Routes 2 min
        • Accessing protected API 2 min
        • Manage tokens in React 2 min
        • Next Steps 1 min
        React
          • Introduction 2 mins
          • Prerequisite 30 secs
          • Register an application 2 min
          • Create a Next.js app 2 min
          • Configure Asgardeo SDK 2 min
          • Add login and logout 2 min
          • Display user details 4 min
          • Securing Routes 4 min
          • Accessing protected API 2 min
          • Manage tokens in Next.js 2 min
          • Next Steps 1 min
          Redirect-Based
          • Introduction 2 mins
          • Prerequisites 30 secs
          • Register an application 2 min
          • Create an app for app-native authentication 2 min
          • Configure Asgardeo SDK 2 min
          • Add login and logout 10 min
          • Add MFA using app-native APIs 5 min
          • Add Social Login using app-native APIs 5 min
          • Manage tokens in app-native apps 2 min
          • Next Steps 1 min
          App-Native
        • Introduction 2 mins
        • Prerequisite 30 secs
        • Register an application 2 min
        • Create an Angular app 2 min
        • Configure Auth provider 2 min
        • Add login and logout 2 min
        • Display user details 2 min
        • Securing Routes 2 min
        • Accessing protected API 2 min
        • Manage tokens in Angular 2 min
        • Next Steps 1 min
        Angular
        • Introduction 2 mins
        • Prerequisite 30 secs
        • Register an application 2 min
        • Create a JavaScript app 2 min
        • Configure Asgardeo SDK 2 min
        • Add login and logout 2 min
        • Display user details 2 min
        • Accessing protected API 2 min
        • Manage tokens in JavaScript 2 min
        • Next Steps 1 min
        Javascript
        • Introduction 2 mins
        • Prerequisite 30 secs
        • Configure an application 2 min
        • Create an Express.js app 2 min
        • Configure Passport Asgardeo 2 min
        • Add login and logout 2 min
        • Persist user sessions 2 min
        • Display user details 2 min
        • Securing Routes 2 min
        • Accessing protected API 2 min
        • Next Steps 1 min
        Express.js
        • Introduction 2 mins
        • Prerequisites 30 secs
        • Register an application 2 min
        • Create a .NET app 2 min
        • Configure auth properties 2 min
        • Add login and logout 10 min
        • Securing Routes 5 min
        • Display user details 5 min
        • Accessing protected API 2 min
        • Manage tokens in .NET 2 min
        • Next Steps 1 min
        .NET
        • Introduction 2 mins
        • In-app vs IdP-based login 30 secs
        • Public clients 2 min
        • Insecure token handling 2 min
        • Weak access control 4 min
        • Unauthorized access 2 min
        • Weak MFA 4 min
        • Partial user logouts 2 min
        • Product misconfiguration 2 mins
        • Cross-Site Scripting (XSS) 2 mins
        • Cross-Site Request Forgery (CSRF) 2 mins
        • Next Steps 1 min
        Frontend Security

    Connectors

    This document lists the available connectors for WSO2 Identity Server 7.1.0.

    Sift

    Helps prevent fraudulent logins to your system.

    Link to connector store Documentation

    Onfido

    Provides identity verification so you know exactly who logs in.

    Link to connector store Documentation
    Back to top

    Join our Discord

    Connect with our community on our official Discord server. Share ideas, get help, and be a part of the awesome conversations!

    Join Discord
    Ask on Stackoverflow
    Head over to GitHub
    Follow us on X (Formerly Twitter)
    Subscribe to our YouTube Channel
    © 2024-2026 WSO2 LLC.  |  Content licensed under CC By 4.0. | Sample code licensed under Apache 2.0.