Skip to main content
An identity provider authenticates users on behalf of Vantage. By default, Vantage uses its built-in identity provider, which authenticates users with a username and password. You can configure your tenant to use an External Identity Provider instead — Vantage then delegates identity verification to that provider before granting access. Existing tenant users can authenticate via the External Identity Provider using the email address they previously signed in with.
This setup requires the Tenant Administrator role. The same External Identity Provider can be configured for multiple tenants.

Supported providers and protocols

Vantage supports the following External Identity Providers:
  • Active Directory Federation Services (AD FS)
  • Azure Active Directory (Azure AD)
  • Other — any provider that speaks OAuth 2.0 or SAML 2.0
Both the OAuth 2.0 and SAML 2.0 protocols are supported.

Prepare the External Identity Provider

Choose the protocol your provider uses, then follow the corresponding setup guide.

OAuth 2.0

Configure AD FS, Azure AD, or another provider with OAuth 2.0.

SAML 2.0

Configure AD FS, Azure AD, or another provider with SAML 2.0.

Connect the provider to your tenant

Once the provider is prepared, enable it in your Vantage tenant. See Setting up an External Identity Provider for a tenant.
After setup is complete, users authenticate through the External Identity Provider. See Authentication using an External Identity Provider.

Authentication

Sign-in flows and OAuth 2.0 / SAML 2.0 options

Setting up an External Identity Provider for a tenant

Connect the prepared provider to your Vantage tenant

Testing external authentication

Verify the External Identity Provider before users sign in

Associated email domains

Allow users from specific email domains to sign in