WSO2 Identity Server