By: Michael Christ user 09 May 2019 at 12:45 p.m. CDT

5 Responses
Michael Christ gravatar
Hi: We have a SaaS application and it looks like we need a robust Identity Provided (IdP) for the following requirements: * Allow some customers to store their credentials in our IdP * Allow other customers to authenticate with their internal credential store using LDAP, SAML, or OAuth * Allow other customers to authenticate using social media credentials Does Gluu provide all of these options? Thanks for the help.

By Aliaksandr Samuseu staff 09 May 2019 at 1:33 p.m. CDT

Aliaksandr Samuseu gravatar
Hi, Michael. >Allow some customers to store their credentials in our IdP Gluu allow you to maintain local user accounts in its internal LDAP server, and use them to authenticate users. This auth method can coexist with other auth methods Gluu Server supports. The main question here is how do you plan to add those local users. Gluu provides some simple user registration and management features, but it may not be enough for a serious production setup relying heavily on those features. >Allow other customers to authenticate with their internal credential store using LDAP, SAML, or OAuth Gluu Server supports a variety of authentication strategies, you can see the full list of them in "User authentication" section of [the docs portal](https://gluu.org/docs/ce/3.1.6/). That includes SAML and oAuth/OIDC authentication against some external IDP via inbuilt Passport.js module. >Allow other customers to authenticate using social media credentials Should be possible via the Passport as well (Facebook is supported, at least).

By Michael Christ user 09 May 2019 at 2:13 p.m. CDT

Michael Christ gravatar
Thank you for the quick response.

By William Lowe staff 09 May 2019 at 2:55 p.m. CDT

William Lowe gravatar
Right, and just to add a bit of clarification... it's not a matter of using external creds to authenticate, so to speak. Users must be sent to those external identity providers (like facebook, google, or their own organization's IDP) for authentication, then returned back to your system with identity data. We call this inbound identity. It's a very common requirement for SaaS providers, and is a typical use case for the Gluu Server.

By Michael Christ user 10 May 2019 at 9:06 a.m. CDT

Michael Christ gravatar
William: Thank you for your response.

By Michael Christ user 10 May 2019 at 9:40 a.m. CDT

Michael Christ gravatar
William: where in the documentation would I find instructions for authentication process for each of our SaaS customers. For example: customer 1 wants to authenticate with their IdP via SAML; customer 2 wants to authenticate with LDAP; customer 3 wants to authenticate via the user store within Gluu. Thank you!