The Picturepark Content Platform uses a secure authentication system built on Open ID Connect, which allows users to log in to one or multiple Picturepark Content Platforms with the same Picturepark account they already use. The Picturepark login is also the preferred method to connect your users with Picturepark Apps, Picturepark Microsites, or via direct user-centric API requests.
Benefits of one Picturepark account for multiple platforms:
One central user repository (Identity Provider) for authentication.
Different permissions per platform role assignments.
Accessing multiple Picturepark platforms with the same account.
One login to connect them all: Picturepark apps, Picturepark Microsites, and Picturepark customer systems.
Authentication using the highly secure and flexible Open ID Connect protocol.
Easy administration and faster development cycles for new apps.
The Picturepark Content Platform serves the needs of multiple Picturepark customers, where separate user databases become an administrative and security nightmare. To save valuable IT resources, Picturepark delegated user authentication and user provisioning to the Picturepark Identity Server (Picturepark IDS) as the default trusted Identity Provider (IdP), connected with Open ID Connect, the industry-standard protocol for secure and flexible authentication. The Picturepark IDS stores all user attributes required to authenticate users in one or multiple different Picturepark Content Platforms.
Copyright Image: Designed by gstudioimagen / Freepik
💻 The user requests access to Picturepark via Login Form.
🏢 The request is sent to the Picturepark IDS which verifies the identity.
🔑 The Picturepark IDS grants or denies access.
To configure the Picturepark IDS authentication, you need the following items:
A Picturepark subscription.
The Picturepark IDS authentication is inbuilt and needs no further configuration except the creation of a user, either via an administrator or via self-registration on the sign-up form.
Instead of only using the Picturepark IDS you can connect an OpenID Provider, which will serve as Identity Provider to the Picturepark IDS. The desired Identity Provider (IdP) must support the standardized Open ID Connect protocol, which itself allows a flexible implementation that varies in required metadata or ACR values.
Benefits of adding an external Identity Provider (IdP):
Linking 3rd party accounts to your Picturepark Content Platform.
Connect to Picturepark quickly, seamlessly, and securely with an existing user account, e.g. from the company Active Directory or any trusted, in-place Identity Provider (IdP).
Add one or multiple supported Open ID Providers easily to your Picturepark.
Full control over the permitted Identity Provider (IdP) on a per-user basis, by adding the allowed IdP to the user, e.g. ADFS for employees only, Azure for agencies, and Picturepark IDS for all other users.
💻 The user requests access to Picturepark via the "Connect via IdP" buttons on the Login Form.
🌍 Picturepark IDS sends the request to the configured Open ID Provider (IdP) which verifies the identity and sends the configured claims.
🔑 Picturepark CP authenticates the user.
To configure an Open ID provider, you need the following items:
A Picturepark subscription.
A supported Open ID Provider, set up and configured, e.g. ADFS on Windows Server 2016.
You cannot remove roles from federated users when these roles were assigned from an IdP. Roles must be added to or removed from users via role mappings.
Federated users cannot create API tokens.
Federated users cannot be Invited or set to be "In Review".
The fallback user role of the IdP is only assigned when no role mapping finds a match and there is no default role.
Picturepark Redirect URL is the URL of the Picturepark IDS + /signin-<Idp-id>
You can see the URL of the Picturepark IDS in the browser URL when you open the Login Form of your Picturepark.
You find the Identity Provider ID in the list of external IdPs in Settings > IdP Setup.
Client Secret is not needed as Picturepark uses the authorization code flow + PKCE.