3.12.4 Managing Authentication Cards

The default user portal page prompts a user to authentication with the credentials required for the default contract. When users log in to Identity Server, the users must use the default card for authentications. The menu in the top left corner contains all available cards.

On a newly installed system, the menu displays cards for all the authentication contracts that are installed with the system. To avoid confusing your users, you need to disable the Show Card option for the contracts you do not want your users to use. Also, ensure that you modify the default contract to match a card that Administration Console displays.

If you display multiple cards, users can use different credentials to authenticate multiple times by selecting another authentication card and entering the required credentials. This is only useful if the credentials grant the user different roles or authorize access to different resources.

If you have configured Identity Server to be a service provider and have established a trusted relationship with one or more identity providers, the cards of these trusted identity providers appear in the menu under REMOTE LOGINS, Your users can use the identity provider’s authentication card to federate their account at the identity provider with their account at the service provider. When they federate an account, they are telling the service provider to trust the authentication established at the identity provider. This enables single sign-on between the providers. The card can also be used to defederate the accounts. On the authentication card, click Defederate.

If you have configured Identity Server to be an identity provider for service providers, in the menu in the upper right corner of the user portal page contains a Federations options that displays a Federations page. From this page, users can federate and defederate their accounts with trusted service providers.