| page_type | languages | products | description | urlFragment | ||
|---|---|---|---|---|---|---|
sample |
|
|
Sample for integrating External Identities self-service sign-up with IDology identity verification using API connectors |
active-directory-dotnet-external-identities-idology-identity-verification |
Azure Active Directory (Azure AD) External Identities enable you to provide self-service sign-up for external users so that collaboration is seamless and end-user friendly. API connectors enable you to leverage web APIs to integrate those self-service sign-up flows with external cloud systems.
Verifying a user's identity can be critical to securing an application from fraudulent and malicious actors and confidently allowing self-service sign-up. To accomplish this, you can use IDology's identity services including ID verification, Fraud prevention, Compliance, and other solutions.
| File/folder | Description |
|---|---|
RestApi/Api |
Sample source code for API. |
.gitignore |
Define what to ignore at commit time. |
CHANGELOG.md |
List of changes to the sample. |
CONTRIBUTING.md |
Guidelines for contributing to the sample. |
README.md |
This README file. |
LICENSE |
The license for the sample. |
You must have an Azure Active Directory tenant.
The IDology integration is comprised of the following components:
- IDology -- The IDology service takes inputs provided by the user and verifies the user's identity.
- Custom web API -- This provided API implements the integration between the Azure AD self-service sign-up user flow and the IDology service to perform identity verification at sign-up.
- Azure AD External Identities self-service sign-up - The way to allow external customers to sign-up as external users to your organization.
- API connector - Part of a self-service sign-up, allows you to connect the sign-up flow with the custom web API.
When you are ready to get an IDology account, sign up using this web form.
Deploy the provided API code to an Azure service. The code can be published from Visual Studio, following these instructions.
Note the URL of the deployed service. This will be needed to configure the API connector with the required settings.
Application settings can be configured in the App service in Azure. This allows for settings to be securely configured without checking them into a repository. The API needs the following settings configured:
| Application Setting Name | Source |
|---|---|
| IdologySettings:ApiUsername | IDology service username. |
| IdologySettings:ApiPassword | IDology service password. |
| WebApiSettings:ApiUsername | Set a username for accessing the API. |
| WebApiSettings:ApiPassword | Set a password for accessing the API. |
Create a self-service sign-up user flow for registering external users to your tenant.
Under User Attributes, the following must be selected in order to collect the information from the user:
After the Azure AD tenant has been configured for use with External Identities self-service sign-up, create an API connector
- Display Name: Choose a name such as 'Verify identity with IDology'.
- Endpoint URL: Use the URL created when publishing the API service.
- Username: Username defined in the API configuration above (WebApiSettings:ApiUsername)
- Password: Password defined in the API configuration above (WebApiSettings:ApiPassword)
The API connector configuration should look like the following:
Enable the API connector for the user flow. Navigate to User flows (Preview), click the user flow you created, and click on API connectors. From here, click on the drop-down menu for Before creating the user and select the API connector (e.g. 'Verify identity with IDology').
Your self-service sign-up user flow should now be calling out the API, which uses the IDology service to verify an account. If the user cannot be verified, the user will be shown an error message and asked to review their personal information.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.