External Auth Servers define an oAuth Server which is not managed by CYM-Identity - for example, the Salesforce Identity Authorizatin Servers, box.com, Google Identity, ....
You define an External Auth Server in order to federate Application identity across security domains. Similar to User Identity Federation, federating application identity allows you to have a centralized place for integration, control and monitoring.
Instead of having each application integrating with Google Identity, you integrate the Google Identity Auth Server with CYM-Identity, and then you federate its application identity through CYM-Identity
External Auth Servers are just the first part, the second part is
External Clients| Attribute | Required | Description |
|---|
| Name | Yes | The External Auth Server Name used in the UI |
| TokenEndpoint__c | Yes | The token_endpoint URL of the Authorization Server. The domain must be enabled in the Remote Site Settings of your org |
| Plugin__c | Yes | The plugin handler of to be used during the token requests |
| Audience__c | No | The audience value to be used in JWT Bearer token flows |
| AccessTokenExpirationTime__c | No | In case the External Auth Server does not return token expiration time, you can define a default value here |
CYM-Identity provides two Plugin handlers for External Auth Servers
This Plugin handler is specifically created to manage the token requests with your Salesforce Community.
This Plugin handler is manages the token requests with standard auth servers which support client_crendetials and jwt_bearer_token flows.