7.1.0
7.1.0
7.0.0
6.1.0
6.0.0
Show all
Initializing search
Get Help
WSO2 Identity Server
Home
Home
Get started
Get started
Introduction
Quick Setup
Connect App
Connect App
React
React
Quickstart
Complete Guide
Angular
Angular
Quickstart
Complete Guide
Javascript Quickstart
Next.js Quickstart
Node.js Quickstart
Spring Boot Quickstart
Subscribe to AI features
About this release
Try for a sample app
Guides
Guides
Applications
Applications
Register an SPA
Register web app with OIDC
Register web app with SAML
Register a standard-based app
Register a mobile app
Register a machine-to-machine (M2M) app
Register a FAPI-compliant app
Authentication
Authentication
Add login to apps
Add login to apps
Add login to apps
Add login to an SPA
Add login to a web app
Add login to a mobile app
Add login to SaaS apps
Add login to SaaS apps
Google Workspace
Salesforce
Microsoft 365
Zoom
Slack
Add passwordless login
Add passwordless login
Add login with Magic link
Passkeys
Passkeys
Add login with Passkey
Validate FIDO attestations
Add login with Email OTP
Add login with SMS OTP
Add login with Push Notification
Add multi-factor authentication
Add multi-factor authentication
Add TOTP
Add Email OTP
Add Passkey
Add SMS OTP
Add Push Notification
Add user-preferred MFA
Add x509 login
Add federated login
Add federated login
Add social login
Add social login
Add Facebook login
Add Google login
Add Github login
Add Microsoft login
Add Apple login
Add X login
Add standard-based login
Add standard-based login
Add login with OIDC IdP
Add login with SAML IdP
Add login with WS-Federation
Add enterprise login
Add enterprise login
Add IWA login
Add Microsoft 365 login
Add AD FS login
Configure a custom connector
Enable user attributes
Enable user attributes
Enable attributes for OIDC apps
Enable attributes for SAML apps
Manage consent for user attributes
Configure Just-in-Time user provisioning
Add conditional authentication
Add conditional authentication
Set up conditional authentication
Add access control
Add access control
Add access control
Age-based access
Concurrent session-based access
Add adaptive MFA
Add adaptive MFA
Add adaptive MFA
MFA based on user role
MFA based on auth context
MFA based on user store
MFA based on login-attempts
MFA based on user group
MFA based on user device
MFA based on IP address
MFA based on ELK-risk
MFA based on TypingDNA
Add passkey progressive enrollment
Add push notification device progressive enrollment
Add on-demand silent password migration
Write a custom authentication script
Configure multi-attribute login
App-native authentication
App-native authentication
Add app-native authentication
Secure app-native authentication flows
Handle advanced login scenarios
Login Flow AI
Configure OIDC flows
Configure OIDC flows
Discover OIDC endpoints
Implement login using the Authorization Code flow
Implement login using the Authorization Code flow and PKCE
Implement private key JWT client authentication for OIDC
Implement login using Pushed Authorization Requests
Implement login using the Device Authorization flow
JWT Secured Authorization Response Mode (JARM) for OAuth 2.0
Implement login using the OIDC Hybrid Flow
Configure token exchange
Validate ID tokens
Request user information
Validate tokens
Revoke tokens
Implement logout
Implement back channel logout
Implement federated IdP-initiated logout
Configure SAML flows
Configure SAML flows
Discover SAML endpoints and settings
Implement SAML federated IdP-initiated SSO
Authorization
Authorization
API authorization
API authorization
Role-based access control
User Impersonation
Rich Authorization Requests
Identity Verification
Identity Verification
Configure an Identity Verification Provider
User management
User management
Manage administrators
Manage users
Manage groups
Manage roles
Manage active sessions
Provisioning
Provisioning
Inbound provisioning
Outbound provisioning
Outbound provisioning
Enable outbound provisioning
Enable outbound provisioning
Organization-level provisioning
IdP-level provisioning
Role-based provisioning
Configure an outbound connector
Configure an outbound connector
Google
Salesforce
SCIM2
Custom Outbound Connector
Provisioning patterns
Sync User Accounts
Sync User Accounts
Overview
Hubspot
Salesforce
Pipedrive CRM
Sendgrid
Zoho CRM
Manage attributes and mappings
Manage attributes and mappings
User attributes
OIDC attribute mappings
OIDC scopes
SCIM2 attribute mappings
Configure email address as the username
Configure unique attributes
Verification and notification settings for attribute updates
Verification and notification settings for attribute updates
Configure settings
Try it out
Try it out
Email address update verification
Mobile number update verification
Manage user stores
Manage user stores
Configure the primary user store
Configure the primary user store
Configure a JDBC user store
Configure a read-only LDAP user store
Configure a read-write Active Directory user store
Configure a read-write LDAP user store
Configure secondary user stores
User store properties
User store properties
Properties used in JDBC user store manager
Properties used in read-only LDAP user store manager
Properties used in read-Write Active Directory user store manager
Properties used in read-write LDAP user store manager
Configure user stores for SCIM 2.0
Configure Active Directory user stores for SCIM 2.0
Migrate users to WSO2 Identity Server
Migrate users to WSO2 Identity Server
Migrate user accounts
Migrate user passwords
Account configurations
Account configurations
Login security
Login security
Password validation
Login attempts
Bot detection
Session management
User Onboarding
User Onboarding
Self registration
Invite user to set password
Account recovery
Account recovery
Password recovery
Username recovery
Admin Initiated Password Reset
Notification settings
Account disabling
User self-service
User self-service
Self-service portal
Self-service portal
Configure the self-service portal
Update profile information
Change password
Manage linked social accounts
Export profile information
Manage consents
Manage login sessions
Self-register
Account confirmation for self-register
Register passkeys
Register Push Notification Device
Password recovery
Username recovery
Enroll TOTP
Manage backup codes
Discover applications
Build self-service capabilities
Organizations
Organizations
Try a B2B use case
Set up organizations
Set up administration for organizations
Share applications with organizations
Application Management
Application Management
Share applications
Organization applications
Manage conflicts in organizations
Onboard admins
Onboard admins
Sales-led approach
Self-service approach
Onboard users
Share user profiles with organizations
API authorization for organizations
Email domain based organization discovery
Customizations
Customizations
Customize branding
Customize branding
Configure UI branding
Branding AI
Customize layouts
Customize email templates
Customize SMS templates
Localization support
Extend with service extensions
Extend with service extensions
Understanding service extensions
In-flow extensions
In-flow extensions
Custom authentication
Pre-flow extensions (Actions)
Pre-flow extensions (Actions)
Setting up an action
Pre issue access token action
Pre update password action
Analytics
Analytics
ELK Analytics
ELK Analytics
Access analytics
Analyze login attempts
Analyze active sessions
ELK Alerts
Web analytic solutions
A/B Testing
OpenSearch
Your WSO2 Identity Server
Your WSO2 Identity Server
Manage Console access
Self-service
Recover your password
Recover your username
Recover super admin account
Multitenancy
Multitenancy
Manage Root Organizations (Tenants)
Tenant loading policy
Setup
Setup
Install
Install
Install
Run
Get WSO2 updates
Configure
Configure
User Stores
User Stores
Add high availability for LDAP
Secure a JDBC user store with PBKDF2 hashing
Configure the Authorization Manager
Configure the System Administrator
Databases
Databases
Change the Carbon Database
Change the Carbon Database
Change to IBM DB2
Change to MariaDB
Change to MSSQL
Change to MySQL
Change to Oracle
Change to Oracle RAC
Change to PostgreSQL
Change to remote H2
Change the Default Datasource for Consent Management
Change the Default Datasource for Session Data
Change the Default Datasources for the Registry Data
Data Dictionary
Data Dictionary
Registry Related Tables
User Management Related Tables
Identity Related Tables
Service Provider Related Tables
Identity Provider Related Tables
Data Purging
Remove References to Deleted User Identities
Session persistence
Clock tolerance
Email sending module
Secure
Secure
Mitigate attacks
Mitigate attacks
Cross Site Request Forgery attacks
Authorization Code Interception attacks
Brute Force attacks
Replay attacks
SameSite attribute support
Prevent browser caching
Work with tokens
Work with tokens
Add logs for tokens
Token persistence
Remove unused tokens from the database
Enable assertions in access tokens
Enable hostname verification
Transport Level Security
Transport Level Security
Configure TLS
Configure TLS termination
Configure post-quantum TLS
Maintain logins and passwords
Configure Admin Advisory Banner
Secure passwords in configuration files
Secure passwords in configuration files
Encrypt passwords with Cipher Tool
Resolve encrypted passwords
Customize secure vault
Set passwords using environment variables/system properties
Enable HTTP Strict Transport Security (HSTS) headers
Enable Java Security Manager
Enable Mutual SSL
Enable FIPS 140-2-compliant mode
Security guidelines
Security guidelines
Product-level
OS-level
Network-level
Encryption
Encryption
Symmetric encryption
Symmetric encryption
Asymmetric encryption
Asymmetric encryption
Keystores
Keystores
Create new keystores
Manage keystores
Manage CA-Signed certificates in a keystore
Deploy
Deploy
Deployment patterns
Deployment checklist
Deploy as a contanarized application
Deploy as a contanarized application
Kuberenetes
Openshift
WSO2 clusters with Nginx
Databases for clustering
Change the hostname
Configure Hazelcast
Backup and recovery recommendations
Troubleshoot in production environments
Performance
Performance
Performance tuning recommendations
Configure cache layers
Product compatibility
Promote configurations across environments
Disaster recovery
Disaster recovery
Understanding disaster recovery
Deployment patterns
Additional reading
Compliance
Compliance
GDPR
eIDAS
CCPA
FIPS
Accessibility compliance
Analytics
Analytics
Configure ELK analytics
Configure SSO with ELK analytics
Configure ELK alerts
Configure ELK analytics for adaptive authentication
Monitor
Monitor
Monitor logs
Monitor logs
Overview
HTTP access logs
Remote log publishing
Mask sensitive info
Mask sensitive info
Overview
Log masking with Filebeat
Log masking with Log4j
Log claims in audit logs
Monitor server health
JMX-Based Monitoring
Work with product observability
Upgrade WSO2 Identity Server
SDKs
SDKs
APIs
APIs
System APIs
System APIs
Admin advisory management API
Tenant management API
Management APIs
Management APIs
Action Management API
API resource management
Application management
Application management
Application management API
Authorized apps
Authorized apps
Authorized apps API V1
Authorized apps API V2
OAuth 2.0 scope management API
OpenID Connect scope management API
OIDC Dynamic Client Registration API
Script Library management API
App-native authentication API
Authentication Data API
Authenticators API
Certificate Validation Management API
Branding Preferences API
Claim management API
Email templates APIs
Email templates APIs
Email templates v1 API
Email templates v2 API
Extension management API
Identity provider API
Identity verification provider API
Idle accounts identification API
IdP session extension API
Notification sender management
Notification sender management
Notification sender configurations
Notification sender API
Notification Templates Management API
Organization discovery API
Organization discovery configuration management API
Organization management API
Role management
Role management
Roles v2 API
Roles v1 API (deprecated)
Rule Metadata API
Server management
Server management
Configuration management
Configuration management
Configuration management API
Retrieve Tenant Resources Based on Search Parameters
Identity governance
Identity governance
Identity Governance API introduction
Identity governance API
Keystore management API
User store management API
CORS API
Consent management
Consent management
Overview
Consent management API
Session management API
Server configuration API
User Functionality management API
User management
User management
SCIM 2.0 API
SCIM 2.0 API
SCIM 2.0 Users API
SCIM 2.0 Groups API
SCIM 2.0 Patch operations
SCIM 2.0 Bulk API
SCIM 2.0 Batch operations
SCIM 2.0 Resource types API
SCIM 2.0 Service provider configuration API
Account recovery APIs
Account recovery APIs
Account recovery v0.9 API
Account recovery v1 API (deprecated)
Account recovery v2 API
Offline user onboard management API
Self Sign-Up API
User Account Association API
Identity verification API
User sharing management API
Validation rules API
Organization APIs
Organization APIs
Get access for organization APIs
API resource management API
Application management
Application management
Application management API (Shared Applications)
Application management API
Authenticators API
Certificate Validation Management API
Branding management API
Claim management API
Email templates APIs
Email templates APIs
Email templates v1 API
Email templates v2 API
Identity provider management API
Identity recovery API
Idle accounts identification API
Invite parent organization's users API
Notification sender API
Notification Templates Management API
Offline user onboard management API
Organization discovery API
Organization management API
SCIM 2.0 Bulk API
SCIM 2.0 Group management API
SCIM 2.0 Role management API
User management
User management
SCIM 2.0 Users API
SCIM 2.0 Groups API
SCIM 2.0 Bulk API
User Account Association API
User sharing management API
User store management API
End User APIs
End User APIs
FIDO API
Session management API
SCIM 2.0 Me API
TOTP API
Push Notification Device API
User account association API
User discoverable application API
Identity Verification
References
References
Feature deprecation
User management
User management
User roles
Track user deletion
Self registration confirmation
App configurations
App configurations
OIDC configurations
SAML configurations
WS-Federation configurations
IdP configurations
IdP configurations
OIDC configurations
SAML configurations
Conditional authentication
Conditional authentication
Conditional auth - API
Authorization policies for apps
Notification templates
Notification templates
Email templates
SMS templates
Service extensions
Service extensions
In-flow extensions
In-flow extensions
Custom authentication
Custom authentication
API contract to implement
Pre-flow extensions (Actions)
Pre-flow extensions (Actions)
Pre issue access token action
Pre issue access token action
API contract to implement
Sample success reponses
Pre update password action
Pre update password action
API contract to implement
Architecture
IS extensions
IS extensions
Authentication
Authentication
OAuth2
OAuth2
Write a custom OAuth2 grant type
Conditional authentication
Conditional authentication
Write custom functions for conditional authentication
Write a custom local authenticator
Identity Federation
Identity Federation
Write a custom federated authenticator
User Management
User Management
SCIM2 Custom User Schema Support
Write a custom event handler
User Stores
User Stores
Write a custom user store manager
Default ports
Troubleshoot
Troubleshoot
Error catalog
API error catalog
App-native error catalog
Tutorials
Tutorials
Verifiable credentials with Microsoft Entra Verified ID
Verifiable credentials with MATTR
Send notifications through an external scheduled task
Configure Choreo for silent password migration
Build your own push authenticator app
IAM concepts
IAM concepts
OAuth2 grant types
OAuth2 Pushed Authorization Requests
Token binding
Token binding
Client-request
Financial-grade API
App-native authentication
OIDC session management
Push Notification based authentication
Technology Guides
Technology Guides
React
React
Introduction
2 mins
Prerequisite
30 secs
Configure an application
2 min
Create a React app
2 min
Configure Asgardeo SDK
2 min
Add login and logout
2 min
Display user details
2 min
Securing Routes
2 min
Accessing protected API
2 min
Manage tokens in React
2 min
Next Steps
1 min
React
Angular
Angular
Introduction
2 mins
Prerequisite
30 secs
Register an application
2 min
Create an Angular app
2 min
Configure Auth provider
2 min
Add login and logout
2 min
Display user details
2 min
Securing Routes
2 min
Accessing protected API
2 min
Manage tokens in Angular
2 min
Next Steps
1 min
Angular
Best Practice Guides
Best Practice Guides
Frontend Security
Frontend Security
Introduction
2 mins
In-app vs IdP-based login
30 secs
Public clients
2 min
Insecure token handling
2 min
Weak access control
4 min
Unauthorized access
2 min
Weak MFA
4 min
Partial user logouts
2 min
Product misconfiguration
2 mins
Cross-Site Scripting (XSS)
2 mins
Cross-Site Request Forgery (CSRF)
2 mins
Next Steps
1 min
Frontend Security
Back to top