KAREN_CG791
New Member

SSO configuring OpenId identity provider

Hello!

 

We are in the analysis phase of our project and we are thinking of implementing Power Pages for a B2C portal. Our client is an outsourcing company and its client is a bank. So the people who will need access to the portal are the bank's customers, to request some services from the bank.

  • The portal will be owned by the outsourcing company tenant.
  • The Active Directory where the customers will be located is the bank's AD.
  • The bank customers have duplicated e-mails. This means more than one contact will have the same e-mail.

The Power Pages site will be called by another website. This site will send us a token containing the bank customer information, because we have been asked to implement SSO. The bank customer shouldn't have to log in again in our portal if they have already done so on the website.

 

Reading the documentation from Microsoft, the username of the contact is used to identify the contact record that is logging in to the portal. But I also read this in the OpenID FAQs:

 

Does portals require any specific claim in an ID token*?

In addition to all required claims, the portals feature requires a claim representing the email address of users in the ID token. This claim must be named email, emails, or upn.

Apart from all the required claims, portals requires a claim representing email address of the users in the id_token. This claim must be named as either “email”, “emails” or “upn”.

These claims are processed in the following order of priority to set as the Primary Email Address of the contact record in Dataverse:

  1. email
  2. emails
  3. upn

When in use, "emailclaimsmapping" is also used to search for an existing contact (Primary Email Address field in Dataverse).

 

So my main concern is: can we avoid using the email claims in the token and instead add the claim that is used to map the username of the contact table? Would it be possible to get the SSO to our portal that the bank has requested, or not?
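The claim priority quoted in the post, combined with the duplicate e-mail situation it describes, as an added example that is not part of the original post and is not Power Pages code. The contact list, token contents and helper names are constructed for illustration, and signature, issuer and audience validation are assumed to happen elsewhere.

```python
import base64
import json

EMAIL_CLAIM_PRIORITY = ("email", "emails", "upn")  # order given in the quoted FAQ

def decode_claims(id_token):
    """Decode the payload segment of a compact JWT for inspection only.
    Signature, issuer and audience validation are assumed done elsewhere."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def pick_email(claims):
    """Return (claim_name, address) for the first populated claim, else (None, None)."""
    for name in EMAIL_CLAIM_PRIORITY:
        value = claims.get(name)
        if isinstance(value, list):  # an "emails" claim may arrive as a collection
            value = value[0] if value else None
        if isinstance(value, str) and value.strip():
            return name, value.strip().lower()
    return None, None

def match_contacts(id_token, contacts):
    """List the contact ids whose primary e-mail equals the selected claim."""
    name, email = pick_email(decode_claims(id_token))
    ids = [c["id"] for c in contacts if email and c["email"].lower() == email]
    return name, ids

def make_token(claims):
    """Build an unsigned, constructed token for this demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT"}), enc(claims), "sig"])

# Constructed sample data: two contacts share one e-mail address.
CONTACTS = [
    {"id": "C-001", "username": "cust-1001", "email": "family@example.com"},
    {"id": "C-002", "username": "cust-1002", "email": "family@example.com"},
    {"id": "C-003", "username": "cust-1003", "email": "solo@example.com"},
]
TOKEN = make_token({"sub": "cust-1002", "email": "Family@Example.com",
                    "upn": "cust-1002@bank.example"})

if __name__ == "__main__":
    # The e-mail claim alone matches two contacts, so it cannot identify one.
    print(match_contacts(TOKEN, CONTACTS))
```

With duplicated addresses the e-mail lookup returns more than one contact, which is why the post asks about matching on a username claim instead.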

 

 
