ID providers (IDP)

ID providers provide a pluggable abstraction layer for user authentication and access management in XP.

System ID provider

To get started quickly, Enonic XP ships with a built-in ID provider called the System ID provider. This is most commonly used by developers, or for administrative purposes.

Creating an ID provider

ID providers can be created and managed in the Users app, or via the API. An ID provider essentially consists of the following:

  • A unique name (cannot be changed later)

  • ID provider application, with optional configuration settings.

    You may choose from a range of standard ID providers on Enonic Market, or build your own for a fully customized approach.
  • Permissions - specifies who can manage and access the ID provider

Setting up an ID provider from the Users admin tool

Once your ID provider is created, you may start working with users and groups within it.

Often, ID providers are simply proxies against 3rd party systems such as Google Auth or Microsoft Entra. In this case, you will not be able to manage the users locally - they will typically appear in XP once they sign in the first time.

Access management

The main purpose of ID providers is to control access to XP. Once you have configured your ID provider, the next step is to associate it with the endpoint you wish to protect - i.e. XP admin, an API or a site. This is done by adding it to your virtual hosts configuration.

ID providers generally have a lazy approach to authentication, and will only trigger once a requested resource responds with a 401 code (Unauthenticated).
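
An added example, not from the Enonic documentation: a small Node.js check that reads a virtual hosts configuration and reports which ID provider each mapping is associated with, flagging mappings that name no default one. It assumes the `mapping.<name>.idProvider.<idProviderName> = default | enabled` key format of XP's vhost configuration file, which this page does not show; the hostnames, targets and the `myidp` provider name are constructed.

```javascript
// Added example (not Enonic's code): list the ID provider attached to each vhost mapping.
// Assumed key format: mapping.<name>.idProvider.<idProviderName> = default | enabled
// Constructed sample config; hostnames, targets and "myidp" are made up.
const SAMPLE_VHOST_CFG = `
enabled = true

mapping.admin.host = example.com
mapping.admin.source = /admin
mapping.admin.target = /admin
mapping.admin.idProvider.system = default

mapping.site.host = example.com
mapping.site.source = /
mapping.site.target = /site/default/master/mysite
mapping.site.idProvider.myidp = default
mapping.site.idProvider.system = enabled

# This mapping has no idProvider line at all.
mapping.api.host = api.example.com
mapping.api.source = /
mapping.api.target = /webapp/com.example.api
`;

function auditVhostIdProviders(cfgText) {
  const mappings = new Map();
  for (const raw of cfgText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue; // skip blanks and comments
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    const m = /^mapping\.([^.]+)\.(.+)$/.exec(key);
    if (!m) continue; // e.g. the global "enabled" switch
    const [, name, prop] = m;
    if (!mappings.has(name)) mappings.set(name, { name, target: null, idProviders: {} });
    const entry = mappings.get(name);
    if (prop === 'target') entry.target = value;
    const idp = /^idProvider\.(.+)$/.exec(prop);
    if (idp) entry.idProviders[idp[1]] = value; // value is "default" or "enabled"
  }
  // Flag every mapping that names no default ID provider.
  return [...mappings.values()].map((e) => {
    const defaults = Object.keys(e.idProviders).filter((k) => e.idProviders[k] === 'default');
    return { ...e, defaultIdProvider: defaults[0] || null, noDefaultIdProvider: defaults.length === 0 };
  });
}

console.table(auditVhostIdProviders(SAMPLE_VHOST_CFG));
```

Run against the real configuration file, the flagged rows are the endpoints to review before exposing them.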
