Integration guide for adding HYPR as a passwordless authentication provider
HYPR provides customers with a passwordless login experience using a smart phone, a security key, or the built in authenticators available for devices running versions of Windows and MacOS that support FIDO protocols.
You need to configure both a HYPR tenant and a HYPR Keycloak tenant to set up passwordless authentication on the HYPR side. Refer to the HYPR documentation for more details on configuring HYPER.
In the HYPR tenant, you will need to:
- Configure a HYPR admin tenant to use with your Strivacity application
- Configure a push provider
- Generate a HYPR application ID
- Generate an access token to be associated with the HYPR application ID
- Have all of the users who will use passwordless authentication in the HYPER identity store
In the HYPR Keycloak tenant, you will need to:
- Conigure a valid HYPR Keycloak tenant to associate with your HYPR tenant
- Configure a HYPR Keycloak tenant realm
- Configure a tenant authenticator and execution
- Configure a HYPR Keycloak tenant OAuth client configured and associated with the client ID and secret
- Capture the OIDC auto-discovery URL for the Keycloak tenant you just created
- Have users in the HYPR Keycloak realm that match the usernames found in the HYPR admin tenant
In the Strivacity admin console, you will set up an enterprise login provider and configure it to use the HYPR tenant you configured above. You will then associate that login provider with the applications you want to use the HYPR passwordless login flow.
Set up an enterprise login provider
Refer to Set up an enterprise login provider page for more details.
- In the Strivacity admin console, navigate to External Login > Enterprise Login and click the "Create Enterprise Login Provider" button
- Select the OpenID login provider template
- Name this login provider
- Define the text to be used on this login provider's button. (This button can be skipped if only one login provider is defined and the appropriate application setting is configured. See the next section).
- Add an optional description
- In the Cliend ID field, enter the client ID from the HYPR configuration
- In the Client Secruet field, enter the client secret from HYPR configuration
- Selected “Auto Discovery” to on
- Enter the auto discovery URL from HYPR console
- Select the appropriate scopes you would like to request from the HYPR ID token
- Select whether you'd like to syncronize profile data at each login
- Click save
You are now ready to associate this login provider with one or more applications in your Strivacity admin console.
Set up an application
Refer to the Application setup page for more details.
- In the Strivacity admin console, navigate to Applications
- Select the application you wish to use the HYPR login provider, or create a new application
- Scroll down to Login Providers and enable Interactive Login and Registration
- Disable Local login
- Add the HYPR enterprise login provider
- Allow forwarding customer to external provider. This allows skipping the enterprise login provider selection screen when there is only one enterprise login provider configured
- Click Save
Test the login flow to your application to be sure everything is working as expected.
Updated 5 months ago