You can use the Authentication Realms endpoint to configure authentication options. Authentication Realm sub-resources can be used to configure single sign-on.
The Authentication Realm object
Parameters
| Attribute | Type | Description |
| --- | --- | --- |
| id | string | The unique identifier for the authentication realm. |
| | | Additional information for this realm. For more information, see The meta object section. |
| name | string | The name of the authentication realm. |
| redirect_uris | array[string] | An array of Storefront URIs that can start Single Sign On authentication. These URIs must follow the rules for redirection endpoints in OAuth 2.0. All URIs must start with https:// except for http://localhost. |
| | | The related resources. For more information, see The relationships object section. |
| duplicate_email_policy | string | The values permitted for this parameter are allowed or api_only. In Single Sign On (SSO), each user in the Identity Provider (IdP) has a unique identifier, but different IdPs might differ in whether distinct users can share the same email address. With the allowed setting, when a user with a new unique identifier signs in through SSO for the first time, the system creates a new user. With the api_only setting, the system instead assigns the new unique identifier to the existing user in the system, so both the old and the new unique identifier from the IdP point to the same user in Elastic Path Commerce Cloud. The api_only value can simplify administration of users, but it is recommended only when all configured identity providers treat the email address as a unique identifier for the user; otherwise a user might get access to another user's account and data. |
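A pre-submission check for redirect_uris entries, as an added example that is not part of the Elastic Path documentation or API. It assumes that "http://localhost" means a host of exactly localhost on any port, and it applies the OAuth 2.0 (RFC 6749, section 3.1.2) rule that a redirection endpoint is an absolute URI without a fragment; the function names and sample URIs are constructed.

```javascript
// Added example: client-side pre-check for redirect_uris values.
// Assumption: the http://localhost exemption covers the host "localhost"
// on any port, and nothing else.

function checkRedirectUri(uri) {
  // The page's rule: every URI starts with https://, except http://localhost.
  if (!/^https?:\/\//i.test(uri)) {
    return 'must start with https:// (or http://localhost)';
  }
  let parsed;
  try {
    parsed = new URL(uri); // WHATWG URL parser, global in Node.js and browsers
  } catch {
    return 'malformed URI';
  }
  // Test the raw string: the parser reports an empty fragment ("...#") as "".
  if (uri.includes('#')) {
    return 'fragment not allowed in a redirection endpoint';
  }
  // Compare the parsed host, not a string prefix, so that a host such as
  // localhost.example.net does not inherit the localhost exemption.
  if (parsed.protocol === 'http:' && parsed.hostname !== 'localhost') {
    return 'http:// is only allowed for localhost';
  }
  return null; // acceptable
}

// Returns the rejected entries with the reason for each.
function validateRedirectUris(uris) {
  const rejected = [];
  for (const uri of uris) {
    const reason = checkRedirectUri(uri);
    if (reason) rejected.push({ uri, reason });
  }
  return rejected;
}

// Constructed sample input.
const sample = [
  'https://shop.example.com/sso/callback',
  'http://localhost:3000/callback',
  'http://localhost.example.net/callback',
  'http://shop.example.com/callback',
  'https://shop.example.com/callback#state',
  '/sso/callback',
];

for (const { uri, reason } of validateRedirectUris(sample)) {
  console.log(`${uri}: ${reason}`);
}
```
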