OAuth 2.0 SSO configuration examples

This page provides detailed configuration examples for using IAM with various OAuth/OIDC identity providers. In each example, IAM acts as the relying party (RP) or OAuth client, respectively.

In the configuration examples, any user who logs in must exist in the IAM Loginapp's user store. To ensure user validity, an 'Additional Authenticator' is configured.

This is not desirable in all setups. Consider one of the following alternatives:

  • Remove the Loginapp's user store: in this case, the user identified by the OpenID provider (OP) will be authenticated as is.
  • Enable Account Linking, see Airlock IAM as client (OAuth 2.0/OIDC). This may be combined with automated account registration.