logo logo
Initializing search
    • Home
    • Get started
      • Create Account
          • Quickstart
          • Complete Guide 2 mins
          • Quickstart
          • Complete Guide 2 mins
          • Quickstart
          • Complete Guide 2 mins
          • Quickstart
          • Complete Guide (Redirect) 2 mins
          • Complete Guide (App-Native) 2 mins
          • Complete Guide (B2B) 2 mins
          • Complete Guide 2 mins
          • Complete Guide 2 mins
          • Quickstart
      • Try for a sample app
          • React
          • JavaScript
          • OIDC Java EE
          • SAML Java EE
          • WS-Federation
        • TypeScript
        • Python
        • Cloudflare Quickstart
        • Python
        • TypeScript
    • Guides
      • Applications
        • Register an SPA
        • Register web app with OIDC
        • Register web app with SAML
        • Register a standard-based app
        • Register a mobile app
        • Register a machine-to-machine app
        • Register a FAPI-compliant app
        • Register a React app
        • Register a Next.js app
      • Authentication
          • Add login to an SPA
          • Add login to a web app
          • Add login to a mobile app
        • Add login to SaaS apps
          • Google Workspace
          • Salesforce
          • Microsoft 365
          • Zoom
          • Slack
        • Add passwordless login
          • Add login with Magic link
          • Add login with Passkey
          • Add login with HYPR
          • Add login with Email OTP
          • Add login with SMS OTP
          • Add login with Push Notification
        • Enable user attributes
          • Enable attributes for OIDC apps
          • Enable attributes for SAML apps
        • Manage consent for user attributes
        • Add federated login
          • Add social login
            • Add Facebook login
            • Add GitHub login
            • Add Google login
            • Add Microsoft login
            • Add Apple login
            • Add LinkedIn login
          • Add decentralized login
            • Sign-in with Ethereum
            • Add Signicat login
            • Add FranceConnect login
            • Add SwissID login
          • Add standard-based login
            • Add login with OIDC IdP
            • Add login with SAML IdP
        • Add identifier first login
        • Add multi-factor authentication
          • Add TOTP
          • Add Email OTP
          • Add SMS OTP
          • Add Push Notification
          • Add Passkey
          • Add iProov
          • Add Duo
          • Add user-preferred MFA
        • Add conditional authentication
          • Set up conditional authentication
            • Add access control
            • User Age-based access
            • Group-based access
            • Concurrent session-based access
            • Add adaptive MFA
            • MFA based on user group
            • MFA based on sign-in option
            • MFA based on user device
            • MFA based on IP address
            • MFA based on advanced conditions (using WSO2 Choreo)
          • Add passkey progressive enrollment
          • Add push notification device progressive enrollment
          • Add on-demand silent password migration
          • Write a custom authentication script
        • App-native authentication
          • Add app-native authentication
          • Secure app-native authentication flows
          • Handle advanced login scenarios
        • Login Flow AI
        • Configure OIDC flows
          • Discover OIDC endpoints
          • Dynamic Client Registration (DCR)
            • Authorization code flow
            • Authorization code flow and PKCE
            • Hybrid flow
            • Pushed Authorization Requests (PAR)
            • JWT Secured Authorization Response Mode (JARM) for OAuth 2.0
            • JWT Bearer Grant
            • Private key JWT
            • Validate tokens at a resource server
            • Validate JWT with JWKS
            • Validate ID tokens
              • Encrypt and decrypt ID tokens
              • ID token encryption reference
            • Request user information
            • Revoke tokens
            • Configure token exchange
            • Front-channel logout
            • Back-channel logout
        • Configure SAML flows
          • Discover SAML endpoints and settings
          • Implement SAML federated IdP-initiated SSO
          • SAML back-channel logout
        • Configure Just-in-Time user provisioning
      • Authorization
          • Role-based access control
        • User impersonation
          • via Console
          • via business application (advanced)
      • Identity Verification
        • Configure an Identity Verification Provider
        • Identity Verification with Onfido
      • User management
        • Manage administrators
          • Onboard users
          • Manage users
        • Manage groups
        • Manage roles
        • Manage active sessions
        • Migrate users to Asgardeo
          • Migrate user accounts
          • Migrate user passwords
        • Manage attributes and mappings
            • Manage attributes
            • Configure attributes
            • Configurations reference
          • OIDC attribute mappings
          • OIDC scopes
          • SCIM2 attribute mappings
          • Configure unique attributes
          • Configure multi-valued contact attributes
            • Configure settings
              • Email address update verification
              • Mobile number update verification
        • Manage user stores
          • Connect a remote user store
          • Configure high availability
          • Manage remote user stores
          • Deployment best practices
          • Advanced configuration for the agent
      • Workflows
        • Approval workflows
        • Workflow requests
      • Account configurations
          • Login attempts
          • Password validation
          • Bot detection
          • Fraud detection
          • Session management
          • Password recovery
          • Admin Initiated Password Reset
          • Self-registration
          • Self-registration flow
          • Invite user to set password
          • Configure username validation
          • Configure alternative login identifiers
        • Account disabling
      • Flows
        • Get Started
        • Self Registration
        • Password Recovery
        • Invited User Registration
        • Flow AI
        • Use the Flow Execution API
        • Understand Flow Execution Components
        • Troubleshooting
      • User self-service
          • Configure the self-service portal
          • Update profile information
          • Change password
          • Manage linked social accounts
          • Export profile information
          • Manage consents
          • Manage login sessions
          • Self-register
          • Register passkeys
          • Register Push Notification Device
          • Password recovery
          • Enroll TOTP
          • Manage backup codes
          • Discover applications
          • Manage approvals
        • Build self-service capabilities
      • Organizations
        • Set up organizations
        • Administration of organizations
          • Share applications
          • Organization applications
        • Manage conflicts in organizations
        • Onboard admins
          • Sales-led approach
          • Self-service approach
        • Onboard users
        • Share user profiles with organizations
        • Try a B2B use case
        • API authorization for organizations
        • Inheritance in organizations
          • Login & registration settings
          • UI branding
          • Email and SMS templates
          • User attributes
          • OIDC scopes
          • Flows
        • Organization discovery
          • Email domain based organization discovery
          • Extend with service extensions
        • Configure Email Provider
        • Configure SMS Provider
        • Configure Push Provider
        • Customize branding
          • Configure UI branding
          • Customize layouts
          • Branding AI
          • Configure custom domains
          • Customize email templates
          • Customize SMS templates
          • Localization in Asgardeo
          • Understanding service extensions
            • Custom authentication
            • Setting up an action
            • Pre issue access token action
            • Pre issue ID token action
            • Pre update password action
            • Pre update profile action
          • Understanding webhooks
          • Setup webhooks
          • Webhook events and payloads
      • Your Asgardeo
        • Manage root organizations
        • Manage environments
          • Promote configurations across environments
        • Self-service
        • Recover your password
        • Delete your user account
        • Subscribe to Asgardeo
          • via Billing Portal
          • via Azure Marketplace
      • Asgardeo logs
        • Diagnostic logs
        • Audit logs
        • Remote log publish
      • Monitoring
        • PII in Asgardeo logs
        • Asgardeo events
        • Organization insights
        • MCP Authorization
          • Securing MCP Servers
          • Setting up MCP Clients
        • Identity for AI Agents
          • Register and manage agents
          • Agent credentials
          • Access control for agents
          • Agent authentication
    • Tutorials
      • Authenticate users into Android applications
      • Authenticate users into Flutter applications
      • Connect Asgardeo as an OIDC attribute provider (with Microsoft Entra Verified ID)
      • Connect Asgardeo as an OIDC attribute provider (with MATTR)
      • Secure Spring Boot API with Asgardeo
      • Integrate Asgardeo with Smart on FHIR healthcare apps
      • Secure Agentic AI Systems with Asgardeo
      • Implement End-to-End Authorization for MCP servers
    • SDKs
        • Overview
            • <AsgardeoProvider />
              • <SignInButton />
              • <SignOutButton />
              • <SignUpButton />
              • <SignedIn />
              • <SignedOut />
              • <Loading />
              • <UserDropdown />
              • <UserProfile />
              • <User />
              • <CreateOrganization />
              • <OrganizationProfile />
              • <OrganizationSwitcher />
              • <OrganizationList />
              • <Organization />
              • <OrganizationContext />
            • useAsgardeo()
          • Accessing Protected APIs
          • Protecting Routes
        • Overview
            • <AsgardeoProvider />
            • asgardeoMiddleware()
              • <SignInButton />
              • <SignOutButton />
              • <SignUpButton />
              • <SignedIn />
              • <SignedOut />
              • <Loading />
              • <SignIn />
              • <SignUp />
              • <UserDropdown />
              • <UserProfile />
              • <User />
              • <CreateOrganization />
              • <OrganizationProfile />
              • <OrganizationSwitcher />
              • <OrganizationList />
              • <Organization />
            • useAsgardeo()
          • Accessing Protected APIs
          • Protecting Routes
    • ModelContextProtocol Asgardeo MCP Server
    • APIs
        • Action Management API
        • Agent Management API
        • API resource management API
        • Application management API
        • App-native authentication API
        • Attribute management API
        • Authenticators API
        • Branding Preferences API
        • Consent management API
        • Email templates API
        • Event configuration API
        • Identity governance API
        • Identity provider API
        • Identity verification provider API
        • Idle account identification API
        • Notification sender API
        • Notification templates management API
        • OAuth Dynamic Client Registration API
        • Organization discovery API
        • Organization discovery configuration management API
        • Organization management API
          • Role management (SCIM 2.0) API
        • Rule Metadata API
        • User credential management API
          • SCIM 2.0 API
            • SCIM 2.0 Users API
            • SCIM 2.0 Groups API
            • SCIM 2.0 Patch operations
            • SCIM 2.0 Bulk API
            • SCIM 2.0 Batch Operations
            • SCIM 2.0 Resource types API
            • SCIM 2.0 Service provider configs API
            • SCIM 2.0 Build user creation payload
          • User account associations API
          • Account Recovery API
          • Offline user onboard management API
          • Verification Code Management API
          • Identity verification API
          • Session management API
          • Session extension API
        • User sharing management API
        • User store management API
        • Validation API
        • Webhook Management API
        • Webhook Metadata API
      • Organization APIs
        • Get access for organization APIs
        • Action Management API
        • API resource management API
          • Application management API (Shared Applications)
          • Application management API
        • Authenticators API
        • Branding API
        • Claim management API
        • Identity provider management API
        • Identity recovery API
        • Idle account identification API
        • Invite parent organization's users API
        • Notification sender API
        • Offline user onboard management API
        • Offline user onboard management API
        • Organization management API
        • Role management API
        • Rule Metadata API
        • User credential management API
        • User management
          • SCIM 2.0 Users API
          • SCIM 2.0 Groups API
          • SCIM 2.0 Bulk API
          • User Account Association API
          • Verification Code Management API
        • User sharing management API
        • User store management API
        • SCIM 2.0 Me API
        • Backup codes API
        • Export user information API
        • Password recovery API
        • TOTP API
        • Push Notification Device API
        • User account associations API
        • Export user information API
        • Identity Verification
        • Organization Me API
        • Self password update API
        • Verification Code Management Me API
    • References
      • Operational policies
      • Asgardeo outbound IP addresses
      • Asgardeo user roles
      • SCIM2 Custom User Schema Support
      • App configurations
        • OIDC configurations
        • SAML configurations
      • IdP configurations
        • OIDC configurations
        • SAML configurations
        • Conditional auth - API
      • Remote agent properties
      • Authorization policies for apps
      • Email templates
      • SMS templates
            • API contract to implement
              • API v1.0 contract to implement
              • API v1.1 contract to implement
            • Sample success reponses
              • API v1.0 contract to implement
            • Sample success responses
              • API v1.0 contract to implement
              • API v1.1 contract to implement
              • API v2.0 contract to implement
              • API v1.0 contract to implement
      • Accessibility compliance
      • Data residency in Asgardeo
      • API resources and scopes required for MCP tools
        • Readiness check
        • Security check
        • Best practices
      • Asgardeo rate limits
        • Build your own push authenticator app
        • OAuth2 grant types
        • OAuth2 Pushed Authorization Requests
        • Token binding
          • Client-request
        • Financial-grade API
        • App-native authentication
        • Push Notification based authentication
        • Introduction 4 mins
        • Prerequisite 2 mins
        • Pre-Issue Access Token Action Use Case 4 mins
        • Configure Pre-Issue Access Token Action with Choreo 5 mins
        • Configure Pre-Issue Access Token Action with Vercel 5 mins
        • Configure Pre-Issue Access Token Action with AWS Lambda 5 mins
        • Pre-Update Password Action Use Case 4 mins
        • Configure Pre-Update Password Action with Choreo 5 mins
        • Configure Pre-Update Password Action with Vercel 5 mins
        • Configure Pre-Update Password Action with AWS Lambda 5 mins
        • Pre-Update Profile Action Use Case 4 mins
        • Configure Pre-Update Profile Action with Choreo 5 mins
        • Configure Pre-Update Profile Action with Vercel 5 mins
        • Configure Pre-Update Profile Action with AWS Lambda 5 mins
        • Complete Guide 2 mins
        • Prerequisite 30 secs
        • Configure an application 2 min
        • Create a React app 2 min
        • Configure Asgardeo SDK 2 min
        • Add login and logout 2 min
        • Display user details 2 min
        • Securing Routes 2 min
        • Accessing protected API 2 min
        • Manage tokens in React 2 min
        • Next Steps 1 min
        React
          • Complete Guide (B2B) 2 mins
          • Prerequisites 30 secs
          • Register an application 2 min
          • Give access to APIs and create roles 2 min
          • Create a Next.js app 2 min
          • Configure app for login 4 min
          • Add user sign up 10 min
          • Add login and logout 10 min
          • Manage teams 15 min
          • Switch to a team 10 min
          • Manage team members 10 min
          B2B
          • Complete Guide (Redirect) 2 mins
          • Prerequisite 30 secs
          • Register an application 2 min
          • Create a Next.js app 2 min
          • Configure Asgardeo SDK 2 min
          • Add login and logout 2 min
          • Display user details 4 min
          • Securing Routes 4 min
          • Accessing protected API 2 min
          • Manage tokens in Next.js 2 min
          • Next Steps 1 min
          Redirect-Based
          • Complete Guide (App-Native) 2 mins
          • Prerequisites 30 secs
          • Register an application 2 min
          • Create an app for app-native authentication 2 min
          • Configure Asgardeo SDK 2 min
          • Add login and logout 10 min
          • Add MFA using app-native APIs 5 min
          • Add Social Login using app-native APIs 5 min
          • Manage tokens in app-native apps 2 min
          • Next Steps 1 min
          App-Native
        • Complete Guide 2 mins
        • Prerequisite 30 secs
        • Configure an application 2 min
        • Create an Express.js app 2 min
        • Configure Passport Asgardeo 2 min
        • Add login and logout 2 min
        • Persist user sessions 2 min
        • Display user details 2 min
        • Securing Routes 2 min
        • Accessing protected API 2 min
        • Next Steps 1 min
        Express.js
        • Complete Guide 2 mins
        • Prerequisite 30 secs
        • Register an application 2 min
        • Create an Angular app 2 min
        • Configure Asgardeo provider 2 min
        • Add login and logout 2 min
        • Display user details 2 min
        • Securing Routes 2 min
        • Accessing protected API 2 min
        • Manage tokens in Angular 2 min
        • Next Steps 1 min
        Angular
        • Complete Guide 2 mins
        • Prerequisite 30 secs
        • Register an application 2 min
        • Create a JavaScript app 2 min
        • Configure Asgardeo SDK 2 min
        • Add login and logout 2 min
        • Display user details 2 min
        • Accessing protected API 2 min
        • Manage tokens in JavaScript 2 min
        • Next Steps 1 min
        Javascript
        • Complete Guide 2 mins
        • Prerequisites 30 secs
        • Register an application 2 min
        • Create a .NET app 2 min
        • Configure auth properties 2 min
        • Add login and logout 10 min
        • Securing Routes 5 min
        • Display user details 5 min
        • Accessing protected API 2 min
        • Manage tokens in .NET 2 min
        • Next Steps 1 min
        .NET
        • Introduction 2 mins
        • In-app vs IdP-based login 30 secs
        • Public clients 2 min
        • Insecure token handling 2 min
        • Weak access control 4 min
        • Unauthorized access 2 min
        • Weak MFA 4 min
        • Partial user logouts 2 min
        • Product misconfiguration 2 mins
        • Cross-Site Scripting (XSS) 2 mins
        • Cross-Site Request Forgery (CSRF) 2 mins
        • Next Steps 1 min
        Frontend Security

    Add Single Sign On

    Google Google Salesforce Salesforce Microsoft Microsoft Zoom Zoom Slack Slack
    Back to top

    Join our Discord

    Connect with our community on our official Discord server. Share ideas, get help, and be a part of the awesome conversations!

    Join Discord
    Send us an email
    Ask on Stackoverflow
    Follow us on X (Formerly Twitter)
    Subscribe to our YouTube Channel
    © 2024-2026 WSO2 LLC.  |  Content licensed under CC By 4.0. | Sample code licensed under Apache 2.0.