Configuring SSO with OAUTH 2.0
Last updated 26/02/2024
Working with OAUTH 2.0
If you have not added an Authentication record before, please refer to the introduction on Authentications to understand the fields on the Authentications form. With an authentication type of OAUTH, the following fields will be shown:
- Token URL
- Identity URL
- Identity Scope ID
- Identity Scope Name
- Identity Scope Email
- Client ID
- Client Secret
The Token URL value is the provider endpoint to obtain a token for authorization, available from the provider's website.
The Identity URL value is the provider endpoint used to retrieve information about the user authenticating via SSO, available from the provider's website.
The Identity Scope ID value is the name of the property in the retrieved identity scope data that is used locally as the user ID. Refer to your provider for more information.
Examples
- id
- key
- user:identifier
The Identity Scope Name value is the name of the property in the retrieved identity scope data that is used locally as the full name. Refer to your provider for more information.
Examples
- username
- displayname
- user:name
The Identity Scope Email value is the name of the property in the retrieved identity scope data that is used locally as the email address. Refer to your provider for more information.
Examples
- email_address
- user:email
The Client ID value is the client ID for the registered application with the SSO provider, available from the provider's website.
The Client Secret value is the client secret for the registered application with the SSO provider, available from the provider's website.
Add an Authentication Using OAUTH 2.0
1. Click the Add Item button.
2. Type a name in the Name field.
3. Optional: Click the lookup icon in the Icon field, navigate your files and open an image file.
4. Click the lookup icon in the Authentication Type field and select OAUTH.
5. Type your Authentication URL endpoint in the Authentication URL field.
6. Type your Token URL endpoint in the Token URL field.
7. Type your Identity URL endpoint in the Identity URL field.
8. Type in the scope with the level of access to retrieve the ID and email information of the user in the Identity Scope field.
9. Type the field name for the ID that will be returned about the user in the Identity Scope ID field.
10. Optional: Type the field name for the name that will be returned about the user in the Identity Scope Name field.
11. Optional: Type the field name for the email that will be returned about the user in the Identity Scope Email field.
12. Type in the client ID that you created with your provider for your application in the Client ID field.
13. Type in the client secret that you created with your provider for your application in the Client Secret field.
14. Optional: Click the Allow User Creation switch.
If the Allow User Creation switch is off, you must ensure the user exists in your application before the provider can verify the user. If the switch is on, the provider can verify the user for you, and a user who does not already exist in your application will be created automatically.
15. Click the lookup icon in the Role field and select the role you want the users to be created with.
- You will need to have the Application View switch turned on in the Roles form for the role to be available in the Role field!
- The Role field is only available when the Allow User Creation switch is on. If the switch is off the user will need to be created manually in your application.
16. Click the Save button in the form app bar.
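
The field mapping and the Allow User Creation behaviour described above, sketched as an added Python example (not the application's own code). It assumes the Identity URL returns a flat JSON object and that each Identity Scope value is a literal key in it; `AuthConfig`, `resolve_user`, `LoginRefused` and the sample data are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class AuthConfig:
    """Hypothetical stand-in for the fields of an OAUTH Authentication record."""
    scope_id: str                      # Identity Scope ID (required)
    scope_name: str = ""               # Identity Scope Name (optional)
    scope_email: str = ""              # Identity Scope Email (optional)
    allow_user_creation: bool = False  # Allow User Creation switch
    role: str = ""                     # Role given to automatically created users

class LoginRefused(Exception):
    """Raised when the identity data cannot be tied to a permitted local user."""

def resolve_user(identity: dict, cfg: AuthConfig, users: dict) -> dict:
    """Map the Identity URL response to a local user, keyed by the provider's ID."""
    raw_id = identity.get(cfg.scope_id)
    # A mistyped Identity Scope ID yields no value: refuse the login rather than
    # fall back to name or email, which are not stable identifiers.
    if raw_id is None or isinstance(raw_id, (dict, list, bool)) or not str(raw_id).strip():
        raise LoginRefused(f"identity data has no usable '{cfg.scope_id}' property")
    user_id = str(raw_id)
    if user_id in users:
        return users[user_id]
    if not cfg.allow_user_creation:
        raise LoginRefused("user does not exist and Allow User Creation is off")
    if not cfg.role:  # this example's choice: never create a user without a role
        raise LoginRefused("Allow User Creation is on but no Role is selected")
    user = {
        "id": user_id,
        "name": identity.get(cfg.scope_name) if cfg.scope_name else None,
        "email": identity.get(cfg.scope_email) if cfg.scope_email else None,
        "role": cfg.role,
    }
    users[user_id] = user
    return user

# Constructed sample of what an Identity URL might return.
SAMPLE_IDENTITY = {"id": 1042, "displayname": "Ada Example",
                   "email_address": "ada@example.test"}

if __name__ == "__main__":
    cfg = AuthConfig("id", "displayname", "email_address",
                     allow_user_creation=True, role="Viewer")
    print(resolve_user(SAMPLE_IDENTITY, cfg, {}))
```

With Allow User Creation on, every account the provider authenticates receives the selected role on first login, so the role chosen in step 15 sets the default privilege for all new SSO users.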