Overview
The article provides a step-by-step guide on configuring OAuth2 for dual login and single sign-on (SSO) in AdvocateHub, detailing the setup process, including application credentials, API endpoints, URL paths, data mapping, and branding. It distinguishes between the dual login option, which offers OAuth2 alongside other methods, and the SSO configuration, which makes OAuth2 the exclusive login method. The article also covers the additional step of configuring the signout URL for SSO and troubleshooting tips for greyed-out fields during setup.
Information
Note: This feature may not be available in your plan.
- Choosing Your Configuration
- Configuring OAuth2 Dual Login
- Enable OAuth Single Sign-On
- Configuring Signout URL
Choosing Your Configuration
There are two possible configurations for OAuth2 depending on the experience you'd like for the advocate sign in / sign up flow.
-
OAuth2 Dual Login : This provides the Advocate with the option to sign in / sign up via OAuth2 in addition to these:
- Traditional Username / Password method
- Social Sign-in using Twitter, LinkedIn, Facebook
- OAuth2 Single Sign-On : OAuth2 is the only option for sign-in / sign up to your Hub. In this configuration, advocates are directed to your sign-in page upon entering the Hub - bypassing the default AdvocateHub sign-in options.
Both of these options have the same setup process, but Option 2 requires an additional configuration step. For a more detailed look at how these flows look to your Advocate's, check out our OAuth2 FAQ article.
Configuring OAuth2 Dual Login
To find the OAuth 2 configuration area, click on your name in the top right corner of Admin View and click on Integrations > Custom OAuth Provider .
Below are the steps to configure the OAuth 2.
1. Enter your application id/client id and secret. The callback URL should be: https://{{yourhubdomain}}.influitive.com/users/auth/custom_oauth2/callback
or if you have your custom domain, please enter: https://{{your_custom_domain}}/users/auth/custom_oauth2/callback
2. Enter the API endpoint for the OAuth Provider. i.e. https://accounts.oauthprovider.com
3. Provide the URL path to find the Token, Authorization, and where to fetch the user's information (you may need to provide configure a scope to gain access to the user's email address).
4. Map the UID, email address, and name from the OAuth2 provider to Influitive
5. Provide branding, and button images (these show up on the advocate's profile, and if the OAuth provider is added to our login screen)
For your reference, here are the fields. Those marked with a * are required:
Once this is setup, you are all set for the OAuth2 Dual Login. If you would like to present OAuth2 as the only login option for your Hub, please proceed to the next step.
Enable OAuth Single Sign-On
After completing the steps above, you can now proceed with Option 2 as mentioned in the introduction. That is, bypass the AdvocateHub login system and present OAuth 2 as the only login option for your Hub.
1. Go to Settings > System > Login Security
2. In the Single Sign-On section, choose the Enable option and select OAuth.
3. Save your changes and you're good to go. OAuth is now the only way advocates can enter your Hub.
Configuring Signout URL
To configure the signout URL we need to do the following:
1. Go to Settings > System > Login Security
2. In the Single Sign-On section, enter your Signout URL in the 'SSO Signout URL' field.
Note : If the field is greyed out you can enable Single Sign-On briefly which will activate the field allowing you to enter the URL and then disable Single Sign-On again before saving.
3. Save your changes
FAQ
What is the difference between OAuth2 Dual Login and OAuth2 Single Sign-On in AdvocateHub?
OAuth2 Dual Login allows advocates to sign in/sign up via OAuth2 or other methods, while OAuth2 Single Sign-On makes OAuth2 the only sign-in/sign-up option, directing users to the sign-in page upon entering the Hub.
How do I configure the signout URL for OAuth Single Sign-On in AdvocateHub?
Navigate to Settings > System > Login Security, input your Signout URL in the 'SSO Signout URL' field, and save your changes. If the field is greyed out, temporarily enable Single Sign-On to edit it, then disable it again before saving.
What should I do if the 'SSO Signout URL' field is greyed out during configuration?
Temporarily enable Single Sign-On to make the field editable, enter the URL, and then disable Single Sign-On again before saving your changes.
Where can I find more detailed information on the advocate sign-in/sign-up flows for OAuth2 configurations?
For a detailed look at the advocate sign-in/sign-up flows for OAuth2 configurations, you can check out the OAuth2 FAQ article provided in the guide.
What are the steps to configure OAuth2 Dual Login in AdvocateHub?
Access the OAuth 2 configuration in Admin View, enter application credentials, specify the API endpoint, provide URL paths for endpoints, configure scope, map user data, upload branding, and complete additional steps for OAuth2 Single Sign-On if needed.