Connect an IdP to an Application
This guide explains how to enable social login for an application by connecting a configured identity provider (IdP) through an authentication flow.
How It Works
Applications in ThunderID do not reference IdPs directly. The connection runs through authentication flows:
- A configured IdP holds the credentials and endpoint URLs for the external provider.
- An authentication flow contains a social login executor that references that IdP.
- The application runs that flow during sign-in, which triggers the IdP's authorization redirect.
Prerequisites
- You have created an identity provider using the API. See:
- You have created an application. See Manage Applications.
1
Step 1: Open the Flow Designer
- Sign in to the ThunderID Console.
- Navigate to Flows.
- Open the authentication flow assigned to your application, or click + Create New Flow to create a new one.
2
Step 2: Add a Social Login Executor
- In the left panel under Widgets, locate the social login executor for your provider:
- Continue with Google — for Google IdPs
- Continue with GitHub — for GitHub IdPs
- OAuth executor — for OAuth 2.0 IdPs
- OIDC executor — for OIDC IdPs
- Click + next to the executor to add it to the canvas.
- Click the executor node to open its configuration panel.
- In the Connection dropdown, select the identity provider by the name you gave it when creating it (for example,
GoogleorMy OIDC Provider).
Auto-assignment
If you have exactly one IdP of the matching type configured, ThunderID selects it automatically. You do not need to choose from the dropdown.
3
Step 3: Wire the Executor Into the Flow
Connect the social login executor to the flow:
- To offer social login alongside password: connect the Sign In view node to both the Identifier + Password executor and the social login executor. Merge both success paths into the Auth Assertion Generator executor.
- To use social login as the only sign-in method: connect the social login executor directly between the Sign In view and the Auth Assertion Generator.
note
Every executor has a red (failure) output. Connect failure paths back to the Sign In view so users see an error message and can retry. Leaving a failure path unconnected stops the flow with an error.
4
Step 4: Save the Flow
Click Save in the top-right corner.
5
Step 5: Assign the Flow to Your Application
- Navigate to Applications and open the application you want to configure.
- Open the Flows tab.
- Under Authentication Flow, select the flow you just saved from the dropdown.
- Click Save.
6
Step 6: Verify the Integration
- Start a sign-in request from your application.
- On the sign-in page, confirm the social login button for your provider appears.
- Click the button and complete the authorization flow with the external provider.
- Confirm you are redirected back to your application and authenticated successfully.
Next Steps
- Application Settings — Configure tokens, flows, and consent for your application.
- Build a Sign-In Flow — Learn more about customizing authentication flows.
- Manage Identity Providers — Update or remove identity providers.