Virtual Provider
Identity brokering and federation hub
Overview
The JOSSO Virtual Provider acts as an identity broker, enabling complex federation scenarios where applications need to authenticate users from multiple identity sources. It provides a unified interface while routing authentication requests to the appropriate backend provider.
Use Cases
Multi-Tenant SSO
Route users to different identity providers based on tenant
Identity Broker
Aggregate multiple IdPs behind a single entry point
Protocol Bridge
Convert between SAML, OIDC, and other protocols
Attribute Mapping
Transform and normalize identity attributes
Configuration
Virtual Provider Setup
Create a Virtual Provider in the JOSSO Management Console:
Virtual Provider Configuration:
  Name: corporate-idp
  Description: Corporate Identity Broker
  Upstream Providers:
    - Azure AD (SAML 2.0)
    - Okta (OIDC)
    - On-Premises LDAP
  Routing Rules:
    - email domain "corp.com" → Azure AD
    - email domain "partner.com" → Okta
    - default → LDAP
  Attribute Mapping:
    - preferred_username → email
    - name → displayName
    - groups → roles
Identity Provider Selection
Configure how users select or are routed to their identity provider. Options include email domain discovery, an explicit IdP selection page, or URL-based routing.
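The routing rules and attribute mapping from the sample configuration, modeled as an added Python example (not JOSSO code or a JOSSO API; all function names are hypothetical). It assumes the left side of each mapping is the upstream claim and the right side the normalized attribute, and it adds one check that is an assumption of this example rather than documented JOSSO behavior: an assertion is accepted only from the provider that the asserted email domain routes to.

```python
# Added example (constructed): models the routing rules and attribute mapping
# from the sample configuration. Function names are hypothetical, not JOSSO APIs.
ROUTES = {"corp.com": "Azure AD", "partner.com": "Okta"}
DEFAULT_PROVIDER = "LDAP"
# Assumption: left side is the upstream claim, right side the normalized name.
ATTRIBUTE_MAP = {"preferred_username": "email", "name": "displayName", "groups": "roles"}


def email_domain(email):
    """Return the lower-cased domain, or None if the address is malformed."""
    if not isinstance(email, str):
        return None
    local, sep, domain = email.strip().rpartition("@")
    # Conservative parsing: exactly one "@", non-empty local part and domain.
    if not sep or not local or not domain or "@" in local:
        return None
    return domain.lower().rstrip(".")


def route(email):
    """Pick the upstream provider by exact domain match, never by suffix.

    Exact matching keeps "corp.com.evil.example" and "sub.corp.com" from
    being treated as "corp.com"; anything unmatched falls to the default.
    """
    return ROUTES.get(email_domain(email), DEFAULT_PROVIDER)


def map_attributes(upstream_claims):
    """Rename mapped claims to their normalized names; drop unmapped claims."""
    return {ATTRIBUTE_MAP[k]: v for k, v in upstream_claims.items()
            if k in ATTRIBUTE_MAP}


def accept_assertion(provider, upstream_claims):
    """Normalize claims, then reject an identity that routes to another provider.

    Domain discovery only chooses where to send the user; this check stops one
    upstream provider from asserting an address in another provider's domain.
    """
    attrs = map_attributes(upstream_claims)
    expected = route(attrs.get("email"))
    if expected != provider:
        raise PermissionError(f"{provider} asserted an identity routed to {expected}")
    return attrs
```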