Discovery | Planning Steps
Step 1 - Determine your audience
The first planning step for Cirrus Discovery is to determine the audience and which identity providers that audience will need:
Will the audience primarily use social login options provided by Cirrus Gateway (Google, Facebook, Microsoft, LinkedIn, or others)?
Will the audience use the Cirrus External Identity Provider?
Will the audience use the organization’s primary/enterprise identity provider?
Will the audience use other organization identity providers?
The answers to these questions will influence the style of Discovery you choose.
Step 2 - Determine the desired end user experience
The second planning step is to determine the desired experience for end users to discover the identity provider there are going to use for login:
Are end users going to be just directed to the Service Provider, and a discovery page should appear if needed?
Are end users going to be directed to a website page, and discovery should be embedded on that page?
Do we want to avoid discovery, and we know enough about each audience segment that we just want to embed static links on one or more website pages?
The answers to these questions will also influence the style of Discovery you choose.
Step 3 - Interactions with other Cirrus Modules / Features
Some Cirrus Modules have constraints that can influence how Discovery is configured:
Cirrus Invitation and Cirrus Account Linking using the request based pattern leverage the Discovery configuration to present the UI for request claiming. Decisions made about audience identity providers and end user experience should align between products (See Invitation Getting Started and Account Linking Getting Started).
Cirrus Self-Registration leverages the Discovery configuration to present the UI for registration. Currently Self-Registration only supports Button Style discovery for the registration UI (See Self-Registration Getting Started).
By default, the Cirrus Identity Provider Proxy will use the Discovery configuration of the SP side of the Proxy for all service providers using the Proxy as an IdP (See Identity Provider Proxy Getting Started). In some cases, this can be changed -- contact Cirrus Support for further details.
Step 4 - Select the style of Discovery to implement
The most common choice is to use a SAML compliant discovery service, and the easiest is to use Cirrus Discovery integrated with the Cirrus Identity Products. Cirrus Discovery operates in two basic modes: “List Style” and “Button Style”. The following table providers a comparison between the two styles:
|Discovery Style||Button Style||List Style|
of Identity Providers
|Less than Ten||Large Numbers|
|Supports Federated IdPs||Yes||Yes|
|Supports Social Login||Yes||Yes|
|Supports Custom IdPs||Yes||Yes|
|Control Display Order
|Add Header/Footer Text||Yes||Yes|
|Customize IdP Branding
(non-social IdPs only)
|Add Text Between IdPs||Yes||No|
|Put IdPs on Different Tabs||No||Yes|
|Search Box for IdPs||No||Yes|
Customer can also choose to bypass discovery. This choice is useful in those cases where the navigation for an audience is well understood (for example going from a portal to an application). For more information, see “Cirrus Identity Provider Proxy discovery configuration” or contact Cirrus Support.
Next you will want to look at Cirrus Discovery | Getting Started.