Instead of using only the Picturepark IDS, you can connect an OpenID Provider, which will serve as an Identity Provider to the Picturepark IDS. The selected Identity Provider (IdP) must support the standardized OpenID Connect protocol, which itself allows a flexible implementation that varies in required metadata or ACR values.
...
Create Identity Provider (Claim) Mappings

You can configure claim mappings and group mappings for your external Identity Provider.
Prerequisites

Create Claim Mappings

1. Open Settings > IdP Settings. You will see a setting entry for your new Identity Provider in the list. Double-click to open it.
2. On the right side, in the first tab, you can add the claim mapping:
   - Add claim mapping.
   - Provide the claim name from your AD, which holds the user attributes, e.g., company, telephone number. Ensure the correct spelling!
   - Map to Picturepark user attributes.
3. On the right side, in the second tab, you can add the group mapping:
   - Add group mappings.
   - Provide the claim name (issued claims) from your AD, which holds your user group assignments, e.g., Groups. Ensure the spelling is correct!
   - Define a Fallback user role. The fallback user role of the IdP will only be used if none of the group mappings find a matching role or the default user role is not defined for the Picturepark. This cannot be Super Admins.
   - Map Group names from your AD to user roles in Picturepark.
Note: Without group mappings, your users will be able to log in to Picturepark but will either have only the default role or the fallback user role of your Picturepark assigned (if any of these are configured), or will not have any access. Be aware that you can also add roles to federated users in Picturepark.
Automatic Claim Mappings

The following attributes are mapped automatically in CP (if not overridden by a claim mapping). Further information about claims is available here: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/the-role-of-claims

User attribute | Claim types (first to have a value wins)
---|---
Email | email, which will be used as a username in Picturepark (mandatory).
sub | User identifier of the user within the IdP (mandatory; provided by ADFS in basic configuration).
First name | given_name
Last name | family_name
Language code | locale
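
A pre-flight check for the mappings described above, as an added example (not Picturepark code): it compares a decoded ID token payload with a planned claim and group mapping and reports missing mandatory claims, claim names whose spelling or case differs from the token, and groups without a role mapping. The function name, its parameters, the sample claims and the role names other than Super Admins are assumptions made for illustration; default-role handling is not modelled.

```python
import json

MANDATORY_CLAIMS = ("email", "sub")  # mandatory per the table on this page

def preflight(claims, claim_mappings, group_claim, group_mappings, fallback_role):
    """Compare decoded ID token claims with a planned IdP mapping (names are case-sensitive)."""
    findings = {"missing_mandatory": [], "misspelled": {}, "absent": [],
                "unmapped_groups": [], "roles": [], "errors": []}
    by_lower = {name.lower(): name for name in claims}

    def present(name):
        if name in claims:
            return True
        if name.lower() in by_lower:          # same name, different case
            findings["misspelled"][name] = by_lower[name.lower()]
        else:
            findings["absent"].append(name)
        return False

    findings["missing_mandatory"] = [c for c in MANDATORY_CLAIMS if not claims.get(c)]
    for claim_name in claim_mappings:         # keys are claim names as typed in the mapping
        present(claim_name)

    fallback_ok = fallback_role != "Super Admins"
    if not fallback_ok:
        findings["errors"].append("fallback role cannot be Super Admins")

    groups = claims[group_claim] if present(group_claim) else []
    if isinstance(groups, str):               # a single-valued claim may arrive as a string
        groups = [groups]
    for group in groups:
        if group in group_mappings:
            findings["roles"].append(group_mappings[group])
        else:
            findings["unmapped_groups"].append(group)
    if not findings["roles"] and fallback_role and fallback_ok:
        findings["roles"] = [fallback_role]   # no group matched: fallback role applies
    return findings

# Constructed sample: decoded ID token payload and a planned (hypothetical) mapping.
SAMPLE_CLAIMS = {"sub": "a1b2", "email": "jane@example.com", "given_name": "Jane",
                 "Company": "Example AG", "Groups": ["DAM-Editors", "VPN-Users"]}
SAMPLE_RESULT = preflight(
    SAMPLE_CLAIMS,
    claim_mappings={"company": "Company", "telephoneNumber": "Phone"},
    group_claim="Groups",
    group_mappings={"DAM-Editors": "Editors"},
    fallback_role="Viewers",
)

if __name__ == "__main__":
    print(json.dumps(SAMPLE_RESULT, indent=2))
```

In the constructed sample, the mapping key company does not match the token's Company claim and telephoneNumber is not issued at all, so both would silently map nothing until the claim name or the IdP's issued claims are corrected.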
After Creating Identity Provider Mappings

Add Identity Provider to users
...
Delete Identity Provider

1. Open Settings > IdP setup.
2. In the list, delete your Identity Provider.

Before deleting Identity Provider

1. Open Users.
2. Switch Search Mode to Advanced.
3. Search for all users that have the Identity Provider assigned: identityProviderId:<id>
4. Update those users, as otherwise they can no longer log in to Picturepark.

Effects of deleting Identity Provider
Purge Identity Provider

1. Open Settings > IdP setup.
2. In the list, select your Identity Provider.
3. Choose “Purge”.
4. In the confirmation dialog, select Purge.

Effects of purging Identity Provider
...