Skip to content

Federation Redirection Workflows

There are two possible redirection workflows for federated identities.

1. Default behavior: Redirect TID users to the appropriate Identity Provider based on their email domain

  1. The application calls the Trimble Identity /authorize endpoint e.g., https://stage.id.trimblecloud.com/oauth/authorize?client_id={client_id}&redirect_uri={callback_url}&response_type=code&scope=openid%20{application_name}
  2. The browser redirects to the standard TID sign-in page.
  3. The user enters their email address.
  4. Trimble Identity recognizes the email domain as a claimed domain and redirects to the customer’s Identity Provider.
  5. The user competes their sign-in in their federated Identity Provider. A Trimble Identity token is returned to the client application.

auth code diagram without identity provider hint

2. Redirect to a specific federated Identity Provider using the identity_provider url parameter

  1. The application calls the Trimble Identity /authorize endpoint while specifying the identity_provider url parameter, e.g. https://stage.id.trimblecloud.com/oauth/authorize?client_id={client_id}&redirect_uri={callback_url}&response_type=code&scope=openid%20{applicaiton_name}&identity_provider={federation_id}
  2. The browser redirects immediately to the federated Identity Provider sign-in page.
  3. The user competes their sign-in in their federated Identity Provider. A Trimble Identity token is returned to the client application.

auth code diagram with identity provider hint