This step type delegates user authentication to an external identity provider.

Step properties used with flow definitions

Configuration schema property Description
There are no configuration schema properties for the IDENTITY_PROVIDER_AUTHENTICATION step type.
| Input property | Description |
|---|---|
| identityProvider.id | A string that specifies the external identity provider’s ID. This is a required property. |
| identityProvider.loginHint | A string that specifies the login identifier to the identity provider. |
| identityProvider.acrValues | An array that designates the names of the authentication policies applicable to the authorization request. |

The following properties are returned for the ACCOUNT_LINKED result.

| Output property | Description |
|---|---|
| externalAuthentication.id | A string that specifies the ID for the external authentication transaction. This is a required property. |
| externalAuthentication.externalId | A string that specifies the unique identifier for the user returned by the external identity provider. This is a required property. |
| externalAuthentication.identityProvider.id | A string that specifies the ID for the external identity provider. This is a required property. |
| externalAuthentication.attributes | An object that specifies the mapped attributes returned by the external identity provider. |
| linkedUser | An object that specifies the user linked to the external account from the external identity provider. Properties are dynamically derived from the environment’s schema at configuration time. This is a required property. |

The following properties are returned for the ACCOUNT_LINKING_REQUIRED result.

| Output property | Description |
|---|---|
| externalAuthentication.id | A string that specifies the ID for the external authentication transaction. This is a required property. |
| externalAuthentication.externalId | A string that specifies the unique identifier for the user returned by the external identity provider. This is a required property. |
| externalAuthentication.identityProvider.id | A string that specifies the ID for the external identity provider. This is a required property. |
| externalAuthentication.attributes | An object that specifies the mapped attributes returned by the external identity provider. |
| mappedUser | An object that specifies the user with mapped attribute values that can be used to pre-fill an external identity provider registration form. This is a required property. |
| matchingUsers | An object that specifies the list of existing users that may be candidates for linking to the external account. These users are matched based on mapped attribute values. |
| user[].{{properties}} | An object that specifies the flow output. User properties are dynamically derived from the environment’s schema at configuration time. |

Step properties used with flow executions

Properties for the EXTERNAL_AUTHENTICATION_REQUIRED flow state

| Flow state | Description |
|---|---|
| EXTERNAL_AUTHENTICATION_REQUIRED | A flow status that prompts the user to authenticate with an external identity provider to continue the flow. |

| Flow state response schema property | Description |
|---|---|
| authenticate.href | A string that specifies the browser URL redirect to authenticate with the external identity provider. |

| Flow state embedded resource property | Description |
|---|---|
| identityProvider.name | A string that specifies the identity provider’s name. |
| identityProvider.type | A string that specifies the identity provider’s type. Options are FACEBOOK, GOOGLE, LINKEDIN, OPENID_CONNECT, APPLE, AMAZON, TWITTER, YAHOO, PAYPAL, MICROSOFT, GITHUB, and SAML. |

Flow execution actions

externalAuthentication.check action

| Links | Description |
|---|---|
| externalAuthentication.check | The link to initiate an action to check the external authentication ID. The action must provide a value for the id property and specify application/vnd.pingidentity.externalAuthentication.check+json as the custom content type in the request. |

| Parameters | Description |
|---|---|
| externalAuthentication.id | A string that specifies the external authentication ID. This is a required property. |
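
The following is an added example, not code from the product documentation: a client-side handler that validates authenticate.href before redirecting on EXTERNAL_AUTHENTICATION_REQUIRED, and builds the externalAuthentication.check request with the required content type. Assumptions: the response layout (status, authenticate.href, a _links object keyed by link name), the POST method, the host allowlist, and all sample hosts and IDs, which are constructed placeholders.

```javascript
// Added example; response field layout is assumed from the property names above.
const CHECK_CONTENT_TYPE =
  "application/vnd.pingidentity.externalAuthentication.check+json";

// Constructed sample flow response (hosts and IDs are placeholders).
const sampleFlow = {
  status: "EXTERNAL_AUTHENTICATION_REQUIRED",
  authenticate: { href: "https://idp.example.com/authorize?state=abc" },
  _links: {
    "externalAuthentication.check": { href: "https://auth.example.com/flows/FLOW_ID" },
  },
};

// Return the redirect URL only when the flow is in the expected state and the
// target is HTTPS on a host the application explicitly trusts.
function externalAuthRedirect(flow, allowedHosts) {
  if (flow.status !== "EXTERNAL_AUTHENTICATION_REQUIRED") {
    throw new Error(`unexpected flow status: ${flow.status}`);
  }
  let target;
  try {
    target = new URL(flow.authenticate.href);
  } catch {
    throw new Error("authenticate.href is missing or not an absolute URL");
  }
  if (target.protocol !== "https:" || !allowedHosts.includes(target.hostname)) {
    throw new Error(`refusing redirect to ${target.origin}`);
  }
  return target.href;
}

// Build the externalAuthentication.check request: the id property in the body
// and the custom content type this page requires. POST is an assumption.
function buildCheckRequest(flow, externalAuthenticationId) {
  const link = flow._links && flow._links["externalAuthentication.check"];
  if (!link || !link.href) {
    throw new Error("flow does not offer externalAuthentication.check");
  }
  if (typeof externalAuthenticationId !== "string" || !externalAuthenticationId) {
    throw new Error("externalAuthentication.id is required");
  }
  return {
    url: link.href,
    method: "POST",
    headers: { "Content-Type": CHECK_CONTENT_TYPE },
    body: JSON.stringify({ id: externalAuthenticationId }),
  };
}
```

The returned object can be passed to fetch(req.url, req); the redirect helper throws rather than returning a URL for any host outside the allowlist.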