Authenticating
Single External Provider
Once the JWT is accepted, a new identity will be added to the ZDEW. Initially, the identity will not be authorized, and a new icon will appear indicating that the user needs to authorize via the external provider. If a single external provider is configured for this OpenZiti overlay network, clicking the icon will begin the Authorization Code flow with PKCE. During this time, the ZDEW will be listening on port 20314.
After successfully completing the authentication with the external provider, the browser will redirect to the listening port and complete the authentication flow. The user will be shown a screen that looks similar to this. The first time this screen is shown in a browser session, it will not automatically close. Subsequent authentication events should result in the tab automatically closing.
Assuming everything succeeds, the user will see the normal information shown by an authenticated identity.
More Than One External Provider
If your network is configured with more than one external provider, a popup will be shown when the mouse hovers over the "authorize IdP" icon. The popup will contain a list of the providers to select from. Choosing a provider from the list will begin the authorization flow for the selected provider.
Saving a Preferred Provider
When using external providers, users will likely want to assign a preferred provider as the default. Before authenticating, click on the detail entry for the identity that should be assigned a default. A new screen will appear looking like the image shown below.
To assign a default provider, click the desired provider and click the "Default provider?" checkbox. The UI will remember the setting when it is clicked. There is no need to 'save' this setting. When a default provider is selected on a network with multiple providers, no popup will be shown when hovering over the "authorize IdP" icon. Users may still elect to authenticate with a
Unchecking the checkbox will clear the default provider.