Managing users coming through a third-party authentication service

When users sign in through a third-party authentication service for the first time, Kentico automatically creates a new user account for them. If you edit such an account in the Users application, you can see that the account has some specific settings.

General tab

The User name and Full name fields of the user are automatically filled in by the system according to the following format:

User name

  • Live ID: liveid_<liveidtoken>
  • OpenID: openid_<openid>
  • Facebook Connect: facebookid_<facebookuserid>
  • LinkedIn authentication: linkedinid_<linkedinuserid>

Full name

  • Live IDliveid_<liveidtoken>
  • OpenID: OpenID - <openid>
  • Facebook Connect: Facebook ID - <facebookuserid>
  • LinkedIn authentication: LinkedIn ID - <linkedinuserid>

You can change these values manually without any effect on the authentication functionality.

Also notice that the Is external user check box is selected. This indicates that the user account is imported from an external user database and disables standard forms authentication for the user. The user can only sign in using the third-party authentication service.

When merging an existing account with third-party authentication using one of the <provider> required user data web parts, the existing account that you want to merge must not have the Is external user flag enabled. Otherwise forms authentication via the web part will not work.

Settings tab

If you switch to the Settings tab of the user editing interface, you can view the related Live ID, Facebook user ID, OpenID and LinkedIn ID fields. This is where the user’s ID from the related provider is stored.

You can change the values manually if you need to. You just need to make sure that the entered ID is valid. Then, the newly entered ID will be used when the user signs in. You can also delete the value, in which case no ID will be assigned to the user. If you delete the ID value, remember to clear the Is external user option on the General tab so that the user can sign in using standard forms authentication.