1. Home
  2. Tyk Identity Broker
  3. Configuration
  4. Configuring Profiles

Configuring Profiles

The Profiles configuration file outlines which identity providers to match to which handlers and what actions to perform. The entries in this file encapsulate the activity for a single endpoint based on the ID and provider name.

The file is JSON object which is essentially a list of objects:

    "ActionType": "GenerateOrLoginUserProfile",
    "ID": "1",
    "IdentityHandlerConfig": {},
    "OrgID": "53ac07777cbb8c2d53000002",
    "ProviderConfig": {
        "CallbackBaseURL": "http://tib.domain.com:3010",
        "FailureRedirect": "http://tib.domain.com:3000/?fail=true",
        "UseProviders": [{
            "Key": "GOOGLE-OAUTH-TOKEN",
            "Name": "gplus",
            "Secret": "GOOGLE OAUTH SECRET"
    "ProviderConstraints": {
        "Domain": "tyk.io",
        "Group": ""
    "ProviderName": "SocialProvider",
    "ReturnURL": "http://tyk-dashboard.domain.com:3000/tap",
    "Type": "redirect"
}, {
    "ActionType": "GenerateOAuthTokenForClient",
    "ID": "2",
    "IdentityHandlerConfig": {
        "DashboardCredential": "ADVANCED-API-USER-API-TOKEN",
        "DisableOneTokenPerAPI": false,
        "OAuth": {
            "APIListenPath": "oauth-1",
            "BaseAPIID": "API-To-GRANT-ACCESS-TO",
            "ClientId": "TYK-OAUTH-CLIENT-ID",
            "RedirectURI": "http://your-app-domain.com/target-for-fragment",
            "ResponseType": "token",
            "Secret": "TYK-OAUTH-CLIENT-SECRET"
    "MatchedPolicyID": "POLICY-TO-ATTACH-TO-KEY",
    "OrgID": "53ac07777cbb8c2d53000002",
    "ProviderConfig": {
        "FailureRedirect": "http://yourdomain.com/failure-url",
        "LDAPAttributes": [],
        "LDAPBaseDN": "cn=dashboard,ou=Group,dc=ldap,dc=tyk-test,dc=com",
        "LDAPEmailAttribute": "mail",
        "LDAPFilter": "((objectCategory=person)(objectClass=user)(cn=*USERNAME*))",
        "LDAPPort": "389",
        "LDAPServer": "localhost",
        "LDAPUserDN": "cn=*USERNAME*,cn=dashboard,ou=Group,dc=ldap,dc=tyk-test,dc=com"
    "ProviderName": "ADProvider",
    "ReturnURL": "",
    "Type": "passthrough"

Each item in a policy list dictates how that component will behave with the underlying services it is trying to talk to. IN the above two examples, we have a social provider, that will allow Dashboard access to Google plus users that are part of the “tyk.io” domain. In the second example, we are generating an OAuth token for users that are validated via an LDAP server.

In the following sections we outline multiple configurations you can use for Identity Provision and Handling