To integrate an external identity provider in VTEX, you should first understand the basics of how our identity and access management services work. This article provides the main concepts and restrictions to get you started. After reading through it, you should move on to the Webstore (OAuth2) or Admin (SAML 2.0) articles for their implementation details.
Identity and Access Management (IAM)
VTEX ID is the service used for identifying users on our platform. Web browsers and mobile apps interact with it to obtain an authentication token for a specific user. Receiving this token is what warrants that a user is "logged in", as it is used to communicate with services requiring authentication.
An audience is the context in which VTEX ID is used. It defines the business rules and the type of persona that will interact with the module. We currently have two scopes:
- Admin for access to a VTEX admin panel
- Webstore for access to a VTEX storefront
Upon receiving an authentication token, applications can use it to verify if the user has a specific set of permissions by interacting with the service responsible for access management: License Manager.
We will not cover access management in this guide, but you can read more about roles in our Help Center article.
If you are already familiar with the OAuth 2.0 specification, feel free to make this association if you find it helpful.
This is the audience used for dealing with users that need to access the administrative interface. Each component inside the admin panel requires different permissions, which are fully managed by the Sponsor user of your VTEX account using roles. The token generated by VTEX ID in this scope can be used for authentication with most VTEX APIs.
This is the audience used for e-commerce stores to identify customers throughout their shopping experience. Users in this scope can sign-in using credentials they already have, which may be shared between different stores or platforms you manage. The token generated by VTEX ID in this scope can be used to interact with the store checkout and storefront apps.