# General authentication provider configuration

Configure your authentication provider directly in that provider's own snap-in in the administration area, e.g. Authentication/LDAP provider. After that, you can make further definitions in the snap-in Authentication/Authentication Provider in the administration area.

The snap-in's first part (from field Provider name to Language mapping) is the general authentication configuration, which is the same for all authentication providers.
It is possible to deactivate parts that are not needed for a particular provider.

The snap-in's second part is always a provider specific configuration. For details, take a look at the provider's own documentation (find all links here).

# General snap-in fields

The following table describes the general authentication configuration fields, valid for all authentication providers:

| Field | Attribute | Type | Description |
|---|---|---|---|
| Provider name | name | string | Assign a name for the authentication provider (it will also be the filename of the configuration XML file). See Naming rules. |
| Visible | visible | boolean, default: true | If set to "true", the provider is shown on the authentication provider list in the login GUI. |
| Order | order | int | Position on authentication provider list in login GUI. The position of the default provider is 0. All below 0 will be listed before the default provider, all higher than 0 will be listed after. |
| Ignore frontend language | ignore_frontend_language | boolean | Usually the frontend sends a language and this will be used for login. If you set this to "true", the frontend language will be ignored and the provider's language is used. |
| Default role id | default_role_id | string (CEId) | Assigns this role to new users if no explicit mapping was configured. |
| Default language | default_language | string | Assigns this language to new users if no explicit mapping was configured. If the language was not set, the user will see the default 4ALLPORTAL language. |
| Create contact | sync_to_contact | boolean, default: false | Parameter will be ignored if 4App Essentials is not installed. If set to "true", a contact will be created (and later updated) on login automatically. It is also possible to activate sync user later by changing the user attribute sync_to_contact to true. |
| Mapping of user fields | user_mapping | complex | Use to map external user data to 4ALLPORTAL user module fields (User mapping details). |
| Role mapping | group_role_mappings | complex | Use to map external groups to 4ALLPORTAL roles (Role mapping details). |
| Language attribute | language_attribute | string | Add the external attribute to read the language content from. |
| Language mapping | language_mapping | Map<String, String> | Use to map external languages to 4ALLPORTAL languages (Language mapping details). |

# Naming rules

The 4ALLPORTAL uses this name for the login to the authentication provider. Please consider the following rules when naming your provider:

  • The name of the authentication provider should not end with "_sso". If you use an LDAP provider with SSO, its name will be generated with "name" + "_sso" when a single_sign_on_url is set (only with 4App Authentication Provider LDAP).
  • The names of all existing authentication providers have to be unique. If a name is duplicated, an error will be logged.

# User mapping details

  • CoreEngine Field
    Target: Name of the field in module User to which the content shall be stored.
  • External Field
    Source: Attribute of the external system from which to retrieve the content.
  • Overwrite
    Default: true. If set to "false", the field will only be set on insert and not on update.

Overwrite is always false for field ext_id. The parameter will be ignored.
At least the field ext_id has to be mapped, but also the following fields are important:

  • username
  • email
  • firstname
  • lastname

# Role mapping details

  • Role
    Target: Name of the 4ALLPORTAL role.
  • Group
    Source: Name of the group in the external system.
  • Priority
    If the external system sends multiple groups, the group with the lowest priority value will be selected. Allowed values range from 0 (highest priority) to 2147483647. If not set, the priority equals 0, the highest priority.
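
The priority rule above has a consequence worth checking before going live: a mapping whose Priority is left empty wins over every mapping with an explicit value. The following is an added example, not 4ALLPORTAL code; it models the documented rule in Python with invented role and group names, assumes the default role applies when no mapped group matches, and reports equal priorities as a tie because the page does not say how they are resolved.

```python
from dataclasses import dataclass
from typing import Optional

MAX_PRIORITY = 2147483647  # largest allowed value per the list above


@dataclass(frozen=True)
class RoleMapping:
    role: str                       # target 4ALLPORTAL role
    group: str                      # group name in the external system
    priority: Optional[int] = None  # None models a Priority left empty

    @property
    def effective_priority(self) -> int:
        # Documented rule: an unset priority equals 0, the highest priority.
        return 0 if self.priority is None else self.priority


def resolve_roles(user_groups, mappings, default_role_id):
    """Return the candidate roles; more than one means an undocumented tie."""
    groups = set(user_groups)
    matched = [m for m in mappings if m.group in groups]
    if not matched:
        return [default_role_id]  # assumed fallback when no mapped group matches
    best = min(m.effective_priority for m in matched)
    return sorted({m.role for m in matched if m.effective_priority == best})


def audit(mappings):
    """Flag mappings whose priority is unset or outside the allowed range."""
    findings = []
    for m in mappings:
        if m.priority is None:
            findings.append(f"{m.group}: priority not set, treated as 0 (highest)")
        elif not 0 <= m.priority <= MAX_PRIORITY:
            findings.append(f"{m.group}: priority {m.priority} out of range")
    return findings


# Constructed sample configuration; all role and group names are invented.
MAPPINGS = [
    RoleMapping(role="editor", group="dam-editors", priority=10),
    RoleMapping(role="viewer", group="all-staff", priority=20),
    RoleMapping(role="admin", group="it-helpdesk"),  # Priority left empty
]

if __name__ == "__main__":
    print(resolve_roles(["dam-editors", "it-helpdesk"], MAPPINGS, "viewer"))
    print(audit(MAPPINGS))
```

In the sample, a user in both dam-editors and it-helpdesk resolves to admin, because the empty priority outranks the explicit 10.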

# Language mapping details

  • External language
    Name of the language in the external system.
  • CoreEngine language
    Language key from your 4ALLPORTAL. It is possible to map different external languages to the same 4ALLPORTAL language key.

# Additional information

When configuring an authentication provider, please note the following details:

  • Password restrictions only work for default 4ALLPORTAL users.
    • External systems are able to define the length and complexity of a password.
    • Setting a maximum number of login attempts is not possible, because a user is not known until they have successfully logged in.
  • The username in module User does not need to be unique, because field ext_id is used for mapping.
  • Field ext_id of a user has to be set to an unchangeable ID of the external system. For Active Directory: objectSid.
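
The Overwrite rule from the user mapping details and the ext_id notes above can be seen together in a small model of a login sync. This is an added example, not 4ALLPORTAL code: the function, the in-memory user store, the SIDs and the e-mail addresses are constructed for illustration, with the Active Directory attributes objectSid, sAMAccountName and mail as the external fields.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FieldMapping:
    target: str             # CoreEngine field in module User
    source: str             # attribute of the external system
    overwrite: bool = True  # documented default


def sync_user(users, external, mappings):
    """Insert or update one user in `users`, a dict keyed by ext_id."""
    ext_map = next((m for m in mappings if m.target == "ext_id"), None)
    if ext_map is None:
        raise ValueError("user_mapping must at least map ext_id")
    ext_id = external[ext_map.source]
    is_insert = ext_id not in users
    record = users.setdefault(ext_id, {})
    for m in mappings:
        if m.source not in external:
            continue
        # Overwrite is ignored for ext_id: it is only ever written on insert.
        overwrite = m.overwrite and m.target != "ext_id"
        if is_insert or overwrite:
            record[m.target] = external[m.source]
    return record


# Constructed sample mapping and logins; SIDs and addresses are invented.
MAPPINGS = [
    FieldMapping("ext_id", "objectSid"),
    FieldMapping("username", "sAMAccountName"),
    FieldMapping("email", "mail", overwrite=False),
]
SID_A = "S-1-5-21-1111111111-2222222222-3333333333-1104"
SID_B = "S-1-5-21-1111111111-2222222222-3333333333-1187"


def demo():
    users = {}
    sync_user(users, {"objectSid": SID_A, "sAMAccountName": "jdoe",
                      "mail": "jdoe@example.test"}, MAPPINGS)
    # Same account after a rename: matched by ext_id, e-mail kept (overwrite=false).
    sync_user(users, {"objectSid": SID_A, "sAMAccountName": "jsmith",
                      "mail": "jsmith@example.test"}, MAPPINGS)
    # A different account that reuses the old username becomes a separate user.
    sync_user(users, {"objectSid": SID_B, "sAMAccountName": "jdoe",
                      "mail": "new.jdoe@example.test"}, MAPPINGS)
    return users
```

Because the store is keyed on the unchangeable ext_id, the third login does not inherit the first user's record even though it arrives with the same username.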