Tenants / Custom Providers

Tenants can be either OIDC or SAML connections. Custom Providers only support OIDC (Authorization Code and Implicit Flow).

If you wish to login with an external identity provider (IdP) using Descope, there are two main ways to connect them. You can either configure SSO with a specific tenant, or configure an OIDC custom provider. This guide will cover the basics of both, to give a basic understanding of the differences and how to use each of them.

Tenants

If you wish to connect an external IdP and associate all of the users of that external IdP with a specific group in Descope, or if you want to use SAML SSO instead of OIDC to federate into the external IdP, then using Tenants is for you. All tenants can possess a singular SSO connection to an external IdP. This is configured under Tenant Settings -> Authentication Methods -> SSO

tenant-config-azure

The way you use Tenants in a flow, is by using the SSO action block. This will automatically redirect a user to the correct external IdP, based on the email domain of the user. This must match the email domain of the configured tenant, in order to work properly.

Tenant Management

For a detailed guide on how to properly manage Tenants, review our Tenant Management guide.

Custom Providers

If you're using OAuth (Social Login), you're already familiar with OAuth providers. Custom Providers work in exactly the same manner, essentially allowing you to connect

Descope allows you to create custom Social Login (OAuth) providers within the Authentication Methods page. This gives you the ability to utilize any OAuth provider to authenticate your users to your application, with Desocpe being your OAuth Service Provider (SP).

For more examples of configuring specific custom OAuth Providers, you can review our Setup Guides section below.

OAuth (Social Login) Management

For a detailed guide on how to properly manage Custom Providers, review our Custom Provider guide.

Was this helpful?

On this page