Integrate identity system: First-party and third-party apps with Logto
Discover key concepts and common use cases for integrating both first-party and third-party apps using Logto as your identity provider.
Greetings, tech enthusiasts and professionals! Your feedback has been instrumental, and we're excited to announce a significant development: Logto is advancing to serve as your Identity Provider (IdP). In the coming updates, we'll be introducing Logto as an OpenID Connect (OIDC) IdP, enhanced with a ready-to-use Consent Page.
As we prepare for this significant release, it's an opportune moment to delve into some essential concepts and solutions in the realm of identity systems. This is particularly relevant when considering the integration and interaction of various applications and services within your digital infrastructure.
Concepts
In the identity ecosystem, every application or resource plays a specific role. They could be a First-party app, a Third-party app, an Identity Provider (IdP), a Relying Party (RP), or a Service Provider (SP). Let’s explore these relationships.
First-party App:
These apps are developed and managed by the identity provider itself, ensuring higher security and trust. They provide a unified sign-in experience within the same domain, using consistent user credentials. Read “Build multi-app products” to learn more about Logto omni sign-in.
Third-party App:
External or partner services not directly affiliated with an Identity Provider (IdP) are considered third-party apps, acting as Relying Parties (RPs) in the context of OIDC or Service Providers (SPs) in the context of SAML. These apps integrate with the IdP using protocols like OAuth, OIDC, and SAML, facilitating user login and authorization through the IdP's accounts. Unlike first-party apps where the consent page may be integrated, for third-party apps, this step is essential in the authentication flow, ensuring user consent for data access.
Use cases
With Logto, you become the master of your identity universe. You can create numerous first-party apps for a seamless user experience, and an unlimited number of third-party apps for external collaborations. Logto helps your service become a versatile IdP, managing identities both internally and externally with top-notch security. Here are some case studies for inspiration:
Case 1: B2C Services with Social Identity Integration
Consider your service as a B2C provider, akin to the way Meta operates as an IdP.
- Integration of Internal Applications: Utilizing Meta's account system as an IdP, platforms like Facebook, Messenger, and Instagram serve as first-party apps.
- Development of Third-party Applications: Within the Meta ecosystem, developers can create third-party apps with a Facebook sign-in feature, enabling access to user profiles during the authentication process.
Case 2: B2B Services with Enhanced Access Control
Imagine your service operating in a B2B environment, similar to how GitHub functions as an IdP.
- Internal application integration: Utilize the GitHub account system as an IdP. Applications like GitHub Desktop, GitHub Mobile, and Copilot are examples of first-party apps within this ecosystem.
- Third-party app development: Developers have the option to "Register a new OAuth application" within the GitHub Developer Settings page. This feature allows the integration of a GitHub sign-in option on third-party app login pages. It grants the request for user authentication, user profile access, and organization-specific permissions, which can be individually granted by organization members or administrators.
- Workflow Automation on Open Platforms: Beyond just offering social sign-in options, GitHub, as an IdP, can also enhance automated workflows on platforms like Slack. For instance, when integrating a GitHub app within a Slack workspace, GitHub acts as the IdP and Slack as the Relying Party. This configuration requires users to authenticate via GitHub to allow the Slack application to obtain necessary permissions and data. Such integration enables commands like
/github subscribe owner/repo
and/github subscribe org/repo commits:myBranch
, streamlining interactions and processes between GitHub and Slack.
Case 3: B2E Services with Enterprise SSO Integration
Envision your service mirroring Okta's B2E solutions.
- First-party App Integration: Okta's range of applications, including the Admin Dashboard, End-user Dashboard, Mobile app, and Browser Plugin, are prime examples of first-party apps.
- Third-party App Integration and SSO Solutions: In the Okta system, administrators can “Create a new app integration” tailored for enterprise SSO through protocols like OIDC, SAML 2.0, SWA, and API services. This capability enhances the security and operational efficiency of various services used across the enterprise.
Why choose Logto as your IdP?
For a complete Identity and Access Management (IAM) system, your application must encompass capabilities as both an RP/SP and an IdP:
- As an RP/SP: Connect to various Social IdPs for social sign-in and multiple Enterprise IdPs for SSO. Logto supports this with powerful Social connectors and Enterprise connectors.
- As an IdP: Manage identities across multiple first-party apps and enhance cooperation with external applications by creating third-party apps in Logto.
A robust Identity Provider (IdP) provides crucial features such as Multi-Factor Authentication (MFA) and Enterprise Single Sign-On (SSO) for secure authentication, alongside connections through standard protocols like SAML, OpenID Connect, and OAuth 2.0. It ensures comprehensive management of both organizations and users, safeguards API resources, implements Role-Based Access Control (RBAC), and monitors system activities with Audit logs. These are the strengths that Logto offers. Logto is more than just a solution; it's your gateway to a powerful, adaptable, and cost-effective identity management system, fueling your business growth and development.
Stay tuned for the upcoming launch of our Third-party app feature. Meanwhile, start exploring Logto today to transform your service identity system.