SSO Consumer Settings
In the SSO Consumer Settings tab under Organization Settings, administrators can configure SpaceMedia to act as a consumer for a third-party identity provider (IdP). This allows users to sign in to SpaceMedia using their credentials from a remote identity provider, such as Google, Microsoft, or another OAuth2-compliant service.
1. How to Use This Consumer SSO
To implement OAuth2 SSO with SpaceMedia as the consumer, you will need to configure the endpoints provided by your identity provider (IdP). SpaceMedia will use these endpoints for authentication and authorization.
Required Endpoints:
- Authorize URL: The URL used by SpaceMedia to redirect users for authentication.
  Example: https://your-idp.com/oauth/authorize
- Token URL: The URL used by SpaceMedia to exchange authorization codes for access tokens.
  Example: https://your-idp.com/oauth/token
- Profile API: The URL where SpaceMedia can retrieve user profile information after authentication.
  Example: https://your-idp.com/api/user
- Logout URL (API): The URL SpaceMedia will use to log users out of the third-party IdP.
  Example: https://your-idp.com/api/logout
2. Enable/Disable Consumer SSO Authentication
In the Consumer SSO section, you can toggle whether Consumer SSO Authentication is enabled or disabled. Enabling this option allows your users to sign in using a third-party identity provider.
- Toggle Consumer SSO Authentication: Use the toggle switch to enable or disable this feature.
Caution: Disabling Consumer SSO will revoke all previously issued access tokens, which will affect users signed in via the third-party IdP.
3. Redirect URI
The Redirect URI is the URL where users will be redirected after authenticating with the third-party identity provider. This URI must match what your OAuth2 client has registered with the IdP.
- Enter the Redirect URI in the provided field (e.g., https://your-hostname/uri...).
Note: This is the URI SpaceMedia will redirect users to after authentication.
4. OAuth2 Client ID & Client Secret
To authenticate with the third-party identity provider, you need an OAuth2 Client ID and Client Secret. These credentials will be provided by your identity provider and are required for SpaceMedia to interact with their OAuth2 endpoints.
- OAuth Client ID: The unique identifier used to authenticate your organization with the IdP.
- OAuth Client Secret: The secret key used in conjunction with the client ID to securely request tokens.
Note: If you already have a generated OAuth Client ID and Client Secret, they will be displayed. If they have not been created, you can generate new credentials.
5. OAuth2 Authorize URL & Token URL
- OAuth Authorize URL: This is the URL used by SpaceMedia to redirect users for authentication with your third-party identity provider.
  Example: https://your-idp.com/oauth/authorize
- OAuth Token URL: The URL used by SpaceMedia to exchange authorization codes for access tokens from the IdP.
  Example: https://your-idp.com/oauth/token
6. User Info URL (Optional)
- User Info URL: This optional URL is where SpaceMedia will retrieve user profile information from the third-party IdP after authentication.
  Example: https://your-idp.com/api/user
7. Save Changes
After entering all the required information and configuring the settings for Consumer SSO Authentication, make sure to click Save to apply the changes. This will enable or disable the authentication method and apply the updated configuration.
This page allows admins to set up SSO as a consumer of third-party identity providers. By enabling Consumer SSO Authentication, you can streamline the user sign-in process by letting users authenticate with external IdPs like Google or Microsoft.
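A pre-save check for the values entered in sections 3, 5 and 6, as an added example that is not SpaceMedia's own code. The redirect URI under spacemedia.example.com is a constructed placeholder, and the rules checked (HTTPS only, no fragment, exact string match of the Redirect URI against the IdP registration) are assumptions about what a typical OAuth2 IdP enforces.

```python
from urllib.parse import urlsplit

def check_url(name, url):
    """Return a list of problems found in one configured URL."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append(f"{name}: scheme must be https")
    if not parts.hostname:
        problems.append(f"{name}: hostname is missing")
    if parts.fragment:
        problems.append(f"{name}: must not contain a #fragment")
    return problems

def check_redirect_uri(configured, registered):
    """Exact string comparison with the IdP registration (assumed IdP behaviour)."""
    problems = check_url("Redirect URI", configured)
    if configured != registered:
        if configured.rstrip("/") == registered.rstrip("/"):
            why = "trailing slash differs"
        elif configured.lower() == registered.lower():
            why = "letter case differs"
        else:
            why = "values differ"
        problems.append(f"Redirect URI: does not match IdP registration ({why})")
    return problems

def check_settings(settings, registered):
    """Validate the Consumer SSO form values before clicking Save."""
    problems = []
    for name in ("OAuth Authorize URL", "OAuth Token URL"):
        problems += check_url(name, settings.get(name, ""))
    if settings.get("User Info URL"):  # optional field
        problems += check_url("User Info URL", settings["User Info URL"])
    problems += check_redirect_uri(settings.get("Redirect URI", ""), registered)
    return problems

# Constructed sample values; the redirect URI is a hypothetical placeholder.
REGISTERED = "https://spacemedia.example.com/sso/callback"
SAMPLE = {
    "OAuth Authorize URL": "https://your-idp.com/oauth/authorize",
    "OAuth Token URL": "http://your-idp.com/oauth/token",  # plain HTTP
    "User Info URL": "https://your-idp.com/api/user",
    "Redirect URI": "https://spacemedia.example.com/sso/callback/",
}
if __name__ == "__main__":
    for problem in check_settings(SAMPLE, REGISTERED):
        print(problem)
```

Run against the constructed sample, it reports the plain-HTTP Token URL and the trailing-slash mismatch in the Redirect URI.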