7.1.0
    • Home
      • Introduction
      • Quick Setup
          • Quickstart
          • Complete Guide
          • Quickstart
          • Complete Guide
        • Javascript Quickstart
        • Next.js Quickstart
        • Node.js Quickstart
        • Spring Boot Quickstart
      • Subscribe to AI features
      • About this release
    • Try for a sample app

    • Guides
      • Applications
        • Register an SPA
        • Register web app with OIDC
        • Register web app with SAML
        • Register a standard-based app
        • Register a mobile app
        • Register a machine-to-machine (M2M) app
        • Register a FAPI-compliant app
      • Authentication
          • Add login to apps
          • Add login to an SPA
          • Add login to a web app
          • Add login to a mobile app
        • Add login to SaaS apps
          • Google Workspace
          • Salesforce
          • Microsoft 365
          • Zoom
          • Slack
        • Add passwordless login
          • Add login with Magic link
            • Add login with Passkey
            • Validate FIDO attestations
          • Add login with Email OTP
          • Add login with SMS OTP
          • Add login with Push Notification
        • Add multi-factor authentication
          • Add TOTP
          • Add Email OTP
          • Add Passkey
          • Add SMS OTP
          • Add Push Notification
          • Add user-preferred MFA
          • Add x509 login
        • Add federated login
          • Add social login
            • Add Facebook login
            • Add Google login
            • Add Github login
            • Add Microsoft login
            • Add Apple login
            • Add X login
          • Add standard-based login
            • Add login with OIDC IdP
            • Add login with SAML IdP
            • Add login with WS-Federation
            • Add IWA login
            • Add Microsoft 365 login
            • Add AD FS login
          • Configure a custom connector
        • Enable user attributes
          • Enable attributes for OIDC apps
          • Enable attributes for SAML apps
        • Manage consent for user attributes
        • Configure Just-in-Time user provisioning
        • Add conditional authentication
          • Set up conditional authentication
            • Add access control
            • Age-based access
            • Concurrent session-based access
            • Add adaptive MFA
            • MFA based on user role
            • MFA based on auth context
            • MFA based on user store
            • MFA based on login-attempts
            • MFA based on user group
            • MFA based on user device
            • MFA based on IP address
            • MFA based on ELK-risk
            • MFA based on TypingDNA
          • Add passkey progressive enrollment
          • Add push notification device progressive enrollment
          • Add on-demand silent password migration
          • Write a custom authentication script
        • Configure multi-attribute login
        • App-native authentication
          • Add app-native authentication
          • Secure app-native authentication flows
          • Handle advanced login scenarios
        • Login Flow AI
        • Configure OIDC flows
          • Discover OIDC endpoints
          • Implement login using the Authorization Code flow
          • Implement login using the Authorization Code flow and PKCE
          • Implement private key JWT client authentication for OIDC
          • Implement login using Pushed Authorization Requests
          • Implement login using the Device Authorization flow
          • JWT Secured Authorization Response Mode (JARM) for OAuth 2.0
          • Implement login using the OIDC Hybrid Flow
          • Configure token exchange
          • Validate ID tokens
          • Request user information
          • Validate tokens
          • Revoke tokens
          • Implement logout
          • Implement back channel logout
          • Implement federated IdP-initiated logout
        • Configure SAML flows
          • Discover SAML endpoints and settings
          • Implement SAML federated IdP-initiated SSO
      • Authorization
          • Role-based access control
        • User Impersonation
        • Rich Authorization Requests
      • Identity Verification
        • Configure an Identity Verification Provider
      • User management
        • Manage administrators
        • Manage users
        • Manage groups
        • Manage roles
        • Manage active sessions
          • Inbound provisioning
          • Outbound provisioning
              • Organization-level provisioning
              • IdP-level provisioning
            • Role-based provisioning
              • Google
              • Salesforce
              • SCIM2
              • Custom Outbound Connector
            • Provisioning patterns
          • Overview
          • Hubspot
          • Salesforce
          • Pipedrive CRM
          • Sendgrid
          • Zoho CRM
        • Manage attributes and mappings
          • User attributes
          • OIDC attribute mappings
          • OIDC scopes
          • SCIM2 attribute mappings
          • Configure email address as the username
          • Configure unique attributes
            • Configure settings
              • Email address update verification
              • Mobile number update verification
        • Manage user stores
          • Configure the primary user store
            • Configure a JDBC user store
            • Configure a read-only LDAP user store
            • Configure a read-write Active Directory user store
            • Configure a read-write LDAP user store
          • Configure secondary user stores
          • User store properties
            • Properties used in JDBC user store manager
            • Properties used in read-only LDAP user store manager
            • Properties used in read-write Active Directory user store manager
            • Properties used in read-write LDAP user store manager
          • Configure user stores for SCIM 2.0
          • Configure Active Directory user stores for SCIM 2.0
        • Migrate users to WSO2 Identity Server
          • Migrate user accounts
          • Migrate user passwords
      • Account configurations
          • Password validation
          • Login attempts
          • Bot detection
          • Session management
          • Self registration
          • Invite user to set password
          • Password recovery
          • Username recovery
          • Admin Initiated Password Reset
        • Notification settings
        • Account disabling
      • User self-service
          • Configure the self-service portal
          • Update profile information
          • Change password
          • Manage linked social accounts
          • Export profile information
          • Manage consents
          • Manage login sessions
          • Self-register
          • Account confirmation for self-register
          • Register passkeys
          • Register Push Notification Device
          • Password recovery
          • Username recovery
          • Enroll TOTP
          • Manage backup codes
          • Discover applications
        • Build self-service capabilities
      • Organizations
        • Try a B2B use case
        • Set up organizations
        • Set up administration for organizations
        • Share applications with organizations
          • Share applications
          • Organization applications
        • Manage conflicts in organizations
        • Onboard admins
          • Sales-led approach
          • Self-service approach
        • Onboard users
        • Share user profiles with organizations
        • API authorization for organizations
        • Email domain based organization discovery
        • Customize branding
          • Configure UI branding
          • Branding AI
          • Customize layouts
          • Customize email templates
          • Customize SMS templates
          • Localization support
          • Understanding service extensions
            • Custom authentication
            • Setting up an action
            • Pre issue access token action
            • Pre update password action
        • ELK Analytics
          • Access analytics
          • Analyze login attempts
          • Analyze active sessions
          • ELK Alerts
        • Web analytic solutions
        • A/B Testing
        • OpenSearch
      • Your WSO2 Identity Server
        • Manage Console access
        • Self-service
        • Recover your password
        • Recover your username
        • Recover super admin account
      • Multitenancy
        • Manage Root Organizations (Tenants)
        • Tenant loading policy
        • Install
        • Run
        • Get WSO2 updates
        • User Stores
          • Add high availability for LDAP
          • Secure a JDBC user store with PBKDF2 hashing
          • Configure the Authorization Manager
          • Configure the System Administrator
        • Databases
          • Change the Carbon Database
            • Change to IBM DB2
            • Change to MariaDB
            • Change to MSSQL
            • Change to MySQL
            • Change to Oracle
            • Change to Oracle RAC
            • Change to PostgreSQL
            • Change to remote H2
            • Change the Default Datasource for Consent Management
            • Change the Default Datasource for Session Data
            • Change the Default Datasources for the Registry Data
            • Registry Related Tables
            • User Management Related Tables
            • Identity Related Tables
            • Service Provider Related Tables
            • Identity Provider Related Tables
          • Data Purging
          • Remove References to Deleted User Identities
        • Session persistence
        • Clock tolerance
        • Email sending module
          • Cross Site Request Forgery attacks
          • Authorization Code Interception attacks
          • Brute Force attacks
          • Replay attacks
          • SameSite attribute support
          • Prevent browser caching
          • Add logs for tokens
          • Token persistence
          • Remove unused tokens from the database
          • Enable assertions in access tokens
        • Enable hostname verification
          • Configure TLS
          • Configure TLS termination
          • Configure post-quantum TLS
        • Maintain logins and passwords
        • Configure Admin Advisory Banner
          • Encrypt passwords with Cipher Tool
          • Resolve encrypted passwords
          • Customize secure vault
          • Set passwords using environment variables/system properties
        • Enable HTTP Strict Transport Security (HSTS) headers
        • Enable Java Security Manager
        • Enable Mutual SSL
        • Enable FIPS 140-2-compliant mode
        • Security guidelines
          • Product-level
          • OS-level
          • Network-level
          • Symmetric encryption
          • Asymmetric encryption
          • Keystores
            • Create new keystores
            • Manage keystores
            • Manage CA-Signed certificates in a keystore
        • Deployment patterns
        • Deployment checklist
          • Kubernetes
          • Openshift
        • WSO2 clusters with Nginx
        • Databases for clustering
        • Change the hostname
        • Configure Hazelcast
        • Backup and recovery recommendations
        • Troubleshoot in production environments
          • Performance tuning recommendations
          • Configure cache layers
        • Product compatibility
        • Promote configurations across environments
          • Understanding disaster recovery
          • Deployment patterns
          • Additional reading
      • Compliance
        • GDPR
        • eIDAS
        • CCPA
        • FIPS
        • Accessibility compliance
        • Configure ELK analytics
        • Configure SSO with ELK analytics
        • Configure ELK alerts
        • Configure ELK analytics for adaptive authentication
      • Monitor
          • Overview
          • HTTP access logs
          • Remote log publishing
            • Overview
            • Log masking with Filebeat
            • Log masking with Log4j
          • Log claims in audit logs
        • Monitor server health
        • JMX-Based Monitoring
        • Work with product observability
      • Upgrade WSO2 Identity Server
    • SDKs
    • APIs
        • Admin advisory management API
        • Tenant management API
        • Action Management API
        • API resource management
          • Application management API
            • Authorized apps API V1
            • Authorized apps API V2
          • OAuth 2.0 scope management API
          • OpenID Connect scope management API
          • OIDC Dynamic Client Registration API
          • Script Library management API
        • App-native authentication API
        • Authentication Data API
        • Authenticators API
        • Certificate Validation Management API
        • Branding Preferences API
        • Claim management API
          • Email templates v1 API
          • Email templates v2 API
        • Extension management API
        • Identity provider API
        • Identity verification provider API
        • Idle accounts identification API
        • IdP session extension API
          • Notification sender configurations
          • Notification sender API
        • Notification Templates Management API
        • Organization discovery API
        • Organization discovery configuration management API
        • Organization management API
          • Roles v2 API
          • Roles v1 API (deprecated)
        • Rule Metadata API
            • Configuration management API
            • Retrieve Tenant Resources Based on Search Parameters
            • Identity Governance API introduction
            • Identity governance API
          • Keystore management API
          • User store management API
          • CORS API
            • Overview
            • Consent management API
        • Session management API
        • Server configuration API
        • User Functionality management API
          • SCIM 2.0 API
            • SCIM 2.0 Users API
            • SCIM 2.0 Groups API
            • SCIM 2.0 Patch operations
            • SCIM 2.0 Bulk API
            • SCIM 2.0 Batch operations
            • SCIM 2.0 Resource types API
            • SCIM 2.0 Service provider configuration API
            • Account recovery v0.9 API
            • Account recovery v1 API (deprecated)
            • Account recovery v2 API
          • Offline user onboard management API
          • Self Sign-Up API
          • User Account Association API
          • Identity verification API
        • User sharing management API
        • Validation rules API
      • Organization APIs
        • Get access for organization APIs
        • API resource management API
          • Application management API (Shared Applications)
          • Application management API
        • Authenticators API
        • Certificate Validation Management API
        • Branding management API
        • Claim management API
          • Email templates v1 API
          • Email templates v2 API
        • Identity provider management API
        • Identity recovery API
        • Idle accounts identification API
        • Invite parent organization's users API
        • Notification sender API
        • Notification Templates Management API
        • Offline user onboard management API
        • Organization discovery API
        • Organization management API
        • SCIM 2.0 Bulk API
        • SCIM 2.0 Group management API
        • SCIM 2.0 Role management API
        • User management
          • SCIM 2.0 Users API
          • SCIM 2.0 Groups API
          • SCIM 2.0 Bulk API
          • User Account Association API
        • User sharing management API
        • User store management API
        • FIDO API
        • Session management API
        • SCIM 2.0 Me API
        • TOTP API
        • Push Notification Device API
        • User account association API
        • User discoverable application API
        • Identity Verification
    • References
      • Feature deprecation
        • User roles
        • Track user deletion
        • Self registration confirmation
      • App configurations
        • OIDC configurations
        • SAML configurations
        • WS-Federation configurations
      • IdP configurations
        • OIDC configurations
        • SAML configurations
        • Conditional auth - API
      • Authorization policies for apps
        • Email templates
        • SMS templates
            • API contract to implement
            • API contract to implement
            • Sample success responses
            • API contract to implement
      • Architecture
      • IS extensions
            • Write a custom OAuth2 grant type
            • Write custom functions for conditional authentication
          • Write a custom local authenticator
          • Write a custom federated authenticator
          • SCIM2 Custom User Schema Support
          • Write a custom event handler
          • Write a custom user store manager
      • Default ports
      • Troubleshoot
        • Error catalog
        • API error catalog
        • App-native error catalog
        • Verifiable credentials with Microsoft Entra Verified ID
        • Verifiable credentials with MATTR
        • Send notifications through an external scheduled task
        • Configure Choreo for silent password migration
        • Build your own push authenticator app
        • OAuth2 grant types
        • OAuth2 Pushed Authorization Requests
        • Token binding
          • Client-request
        • Financial-grade API
        • App-native authentication
        • OIDC session management
        • Push Notification based authentication
        • Introduction 2 mins
        • Prerequisite 30 secs
        • Configure an application 2 min
        • Create a React app 2 min
        • Configure Asgardeo SDK 2 min
        • Add login and logout 2 min
        • Display user details 2 min
        • Securing Routes 2 min
        • Accessing protected API 2 min
        • Manage tokens in React 2 min
        • Next Steps 1 min
        React
        • Introduction 2 mins
        • Prerequisite 30 secs
        • Register an application 2 min
        • Create an Angular app 2 min
        • Configure Auth provider 2 min
        • Add login and logout 2 min
        • Display user details 2 min
        • Securing Routes 2 min
        • Accessing protected API 2 min
        • Manage tokens in Angular 2 min
        • Next Steps 1 min
        Angular

        • Introduction 2 mins
        • In-app vs IdP-based login 30 secs
        • Public clients 2 min
        • Insecure token handling 2 min
        • Weak access control 4 min
        • Unauthorized access 2 min
        • Weak MFA 4 min
        • Partial user logouts 2 min
        • Product misconfiguration 2 mins
        • Cross-Site Scripting (XSS) 2 mins
        • Cross-Site Request Forgery (CSRF) 2 mins
        • Next Steps 1 min
        Frontend Security


    © 2024-2025 WSO2 LLC.  |  Content licensed under CC By 4.0. | Sample code licensed under Apache 2.0.