What identity providers can be used in OutSystems apps?

Table of contents

1. Supported identity protocols
2. Identity provider connectors
3. Extending the platform to connect to other identity providers or protocols

Supported identity protocols

Out-of-the-box OutSystems supports a number of different identity providers and protocols for your apps, including:

• Built-in: OutSystems securely stores the user information. Users are authenticated with the built-in authentication mechanism. This is the fastest way to get started since it requires no configuration.
• Active Directory: When users try to authenticate in an application, the application delegates the authentication to the Active Directory domain controller. Windows integrated authentication using NTLM or Kerberos. This is handled behind the scenes so users don't have to type their credentials.
• LDAP: When users try to authenticate in an application, the application delegates the authentication to the LDAP server.
• Azure AD: Uses SAML-based authentication to authenticate the end-users with single sign-on (SSO) provided by the Azure AD Identity Provider.
• OKTA: Uses SAML-based authentication to authenticate the end-users with single sign-on (SSO) provided by OKTA.
• SAML 2.0: Uses SAML-based authentication to authenticate the end-users with single sign-on (SSO) provided by any commercial Identity Provider that supports SAML such as OneLogin or PingFederated.
• OAuth2: OAuth2 is an authentication protocol on top of HTTP therefore it is possible to use the built-in platform capabilities to authenticate with external providers that use OAuth2 as a protocol. It is also possible to implement and use OutSystems as an OAuth2 Authentication Server. Examples of how to leverage these capabilities and connectors are available in the forge.

Identity provider connectors

Complementing the built-in connectors and authentication capabilities, more examples of authentication protocols implementation and specific connectors to authentication providers are available in the forge and can be easily installed. This enables organizations to configure OutSystems authentication mechanisms to work with their enterprise authentication platform. Examples of available connectors supporting protocols such as OpenID Connect (OIDC) or OAuth2 include:

• Facebook Login: use facebook as identity provider;
• Google OAuth: use google as identity provider;
• Okta OpenID: use OKTA OpenId connector as identity provider.

Extending the platform to connect to other identity providers or protocols

If the desired identity provider is not available out-of-the-box or in the Forge, a development team can easily extend the built-in OutSystems authentication flow.

In order to accelerate development, teams can leverage third-party libraries that already implement the desired protocol, and integrate these with the built-in authentication. These libraries may implement complex encoding algorithms, or the full authentication flow.

OutSystems supports multiple authentication flows. This provides the flexibility for organizations to have different authentication flows for certain applications, or to have one centralized authentication flow for all applications.

Please check the following Learning Course to get specific guidance on how-to extend OutSystems authentication flows.