Stable Version 5.0.0 (Compatible with OutSystems 11)
Other versions available for 10 and Older
Published on 25 Feb by 
 (44 ratings)


IdP Connector is a generic federated identity provider (IdP) connector, using the SAML protocol to connect to external identity providers. IdP allows your OutSystems applications to integrate with single sign-on (SSO) provided by most of the commercial Identity Provider companies. Also supports SSO from OutSystems mobile apps, alongside with IdP Mobile connector. Tested with Okta, Azure, ADFS, PingOne, OneLogin and ForgeRock OpenAM.
Read More

How to use IdP connector

After download, you will need to configure your application to use the IdP connector and also to configure the IdP connector with settings from your Identity Provider.

You can learn how to configure the IdP connector.

Feature List

  • SAML Response validation
  • SAML decrypt assertion
  • Create SAML Request
  • The browser interacts with the user's SAML 2.0-compliant Identity Provider, validates the user credentials, creates the SAML assertion, and sends the assertion to OutSystems applications.
  • SSO lets users sign in once and remain authenticated as they access services in the circle of trust.
  • SAML Single-Logout flow (SLO initiated by IdP Connector or initiated by IdP Server)
  • Import/Export SAML metadata
  • Mobile Support (with IdP Mobile connector)

What’s new (5.0.0)


Before installing this version, backup your IDP configurations. This version has the logic to migrate the configurations to the new version, but it is recommended that you perform a backup for any unforeseen issue.

New Features:

  • It's now possible to have multiple configurations per tenant. They are now called (SAML Apps)
    • With this feature, it's now easier to support the usage of configurations on different tenants as well as adding support for tenant configurations on Reactive Web applications and Mobile applications.
    • You now have an optional parameter called SAMLAppName in the IdP_SSO_URL action that will let you choose which configuration to use for the login flow. This value maps to the SAML App name of the configuration.
  • Added a reference to the IdP Customizations service module in order to allow the usage of custom logic during the Login process for the user provision/update as well as group/role mapping.
    • With the IdP Customizations service module, you can add your logic without worrying that a future version of IDP will overwrite your changes
    • You can select if you want to use the customization logic per SAML App.
  • Added a check for the "Single Sign-On Between App Types" environment setting.
    • If you are on PS 11.10.0+ you can take advantage of this flag to authenticate users both on traditional and Reactive applications without needing to use IdP React
  • Tweaked the download link for the SP Keystore and Certificate to better distinguish them
  • Upgraded the SAML Utils extension to .NET 4.7.2


  • Revamped UI
  • Corrected a large number of "best practices" recommended by Architecture Dashboard
  • Improved the logic to reduce the number of repeated queries during the login and logout process.
  • Moved all static content to a resources module (images and XML templates)
  • Improved the generation of the SP metadata file to also include the custom claims
  • Improved the UI of the redirect pages to provide better feedback to the user.
  • Marked as deprecate the IdP_SSO_URL and IdP_SingleLogout_URL.
    • Added new ones for the different use cases ( IdPReact and IdPMobile) in order to reduce the number of inputs required.
  • Moved the certificate validation and expiration date calculation to the upload process. 
    • This will improve the load of the configuration pages since we were calculating this every time you entered that page.

Bug Fixing:

  • Fixed some minor issues while downloading the SP Keystore certificate
  • Fixed logout redirect for Reactive applications due to the Google SameSite cookies change.
  • Fixed login interaction with IdP React component
  • Fixed a UI issue where only the first custom claim was being displayed until you saved the SP configuration.
  • Fixed browser detection when using the system browser on the IdP Mobile component
  • Fixed the generation of the iOS deep link when using the the system browser on the IdP Mobile component

Reviews (2)
in version 4.2.6
The configuration would be much easier if it was documented how the fields map to fields in the Users table
in version 4.2.0
Easy to set and use with corporate AD FS and as a general component too.