Federation
To log in to AppCentral, you can either use Aptean IAM (Identity and Access Management) or an existing external IAM system. AppCentral supports integration with external identity providers (such as Azure AD B2C) for user federation. You can configure the external provider, integrate it with Aptean IAM, and migrate users as needed. Only administrators can import and synchronize users from IAM to Aptean AppCentral. The following table describes each field and its purpose on the Federation tab:
| Field | Description |
|---|---|
| Name | Displays the Federation name. |
| SSO Connection | Displays whether the SSO connection is OpenID Connect. |
| Identity Provider | Displays the IAM from which the user is imported. |
| Reload | Click to refresh and reload the information. |
| Create Identity Provider | Click to create an Identity Provider in Aptean AppCentral. For more information, see Create Identity Provider in AppCentral. |
External Identity Integration with Aptean AppCentral
To integrate an external identity provider with Aptean AppCentral, you must perform the following:
Set up the External Identity Provider
- Register the Aptean IAM application in your External Identity.
- Set up the following fields in the External Identity Provider:
  - Application/Client ID
  - Client Secret
  - Discovery Endpoint URL
- Copy the URL of the discovery endpoint.
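A pre-flight check for the discovery endpoint URL copied in the last step, written as an added example (not Aptean's code): it validates a fetched discovery document before the URL is entered in AppCentral. The host idp.example.com, the sample document and the function name check_discovery are assumptions made for the illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED_URLS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample: hypothetical provider at idp.example.com.
SAMPLE_URL = "https://idp.example.com/tenant1/v2.0" + WELL_KNOWN
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.com/tenant1/v2.0",
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "token_endpoint": "https://idp.example.com/tenant1/token",
    "jwks_uri": "https://idp.example.com/tenant1/keys",
    "response_types_supported": ["code", "id_token"],
})


def check_discovery(url, body):
    """Return a list of problems; an empty list means no problem was found."""
    problems = []
    src = urlsplit(url)
    if src.scheme != "https":
        problems.append("discovery URL is not https")
    if not src.path.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end with " + WELL_KNOWN)
    try:
        doc = json.loads(body)
    except ValueError:
        return problems + ["response body is not JSON"]
    if not isinstance(doc, dict):
        return problems + ["response body is not a JSON object"]
    for key in REQUIRED_URLS:
        value = doc.get(key)
        if not isinstance(value, str) or urlsplit(value).scheme != "https":
            problems.append(key + " is missing or not an https URL")
    # Only the host is compared: some providers publish an issuer whose path
    # differs from the discovery URL path, so an exact match is not enforced.
    issuer = doc.get("issuer")
    if isinstance(issuer, str) and urlsplit(issuer).hostname != src.hostname:
        problems.append("issuer host differs from discovery URL host")
    # Assumption: a client secret plus a callback URL implies the code flow.
    types = doc.get("response_types_supported")
    if not isinstance(types, list) or "code" not in types:
        problems.append("authorization code flow not advertised")
    return problems


if __name__ == "__main__":
    for line in check_discovery(SAMPLE_URL, SAMPLE_DOC) or ["no problems found"]:
        print(line)
```

To run it against a real provider, download the discovery document yourself and pass the URL and the response body to check_discovery.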
Create Identity Provider in AppCentral
- In the Aptean AppCentral Web UI, navigate to User Center > Access Management > Federation.
- Click New Identity Provider.
  The Create Identity Provider window appears.
- In the Create Identity Provider window, enter the required information in the mandatory fields:
  - Name: Enter an appropriate name in the text field.
  - SSO Connection: By default, Open ID is selected from the drop-down list to enable Single Sign-On (SSO) functionality.
- In the Open ID Connect Connection section:
  - Identity Provider: Choose the External Identity Provider (for example, Microsoft Entra, Azure) from which user data will be imported and synchronized into AppCentral.
  - Discovery Endpoint: Enter the URL of the discovery document for the OpenID Connect External Identity Provider you want to connect with.
  - Client ID: Enter the client ID of your External Identity Provider. The client requires access that allows user login and also allows query access for Users, Groups, and Applications.
  - Client Secret: Enter the client secret of your External Identity Provider.
- Callback URL: After you enter the identity provider details, a callback URL is automatically generated. Copy this URL and enter it into the external Identity Provider for redirection after a successful login.
- After entering the required information, click Submit.
  You can monitor the progress of user import and synchronization.
Migrate Users
- Migrate users from the external Identity Provider to Aptean IAM.
- After migration, users can log in by entering their email ID in Aptean IAM. This will redirect them to the external Identity Provider, and after successful login, they will be redirected to the Aptean AppCentral home page.