Skip to main content

SSO Identity Configuration

In the SSO Identity tab under Organization Settings, administrators can configure SpaceMedia to act as an Identity Provider (IdP), allowing users to sign in using OAuth2 via SpaceMedia. This functionality enables organizations to use SpaceMedia’s authentication system for logging into their platform, streamlining user management.

1. How to Use This Identity SSO

SpaceMedia supports OAuth2 SSO for user sign-in. The following endpoints are available for integrating your application with SpaceMedia’s identity authentication system:
  • Authorize URL:
    https://enterprise.spacemedia.uk/oauth/authorize
  • Token URL:
    https://enterprise.spacemedia.uk/oauth/token
  • Profile API:
    https://enterprise.spacemedia.uk/api/user
  • Logout URL (API):
    https://enterprise.spacemedia.uk/api/logout
To implement SSO in your app, use your Client ID and Client Secret to request access tokens for user authentication.

2. Enable/Disable SSO Authentication

In the Identity SSO section, you can toggle whether Single Sign-On authentication is enabled or disabled for your organization. Enabling this option will allow your users to sign in via OAuth2 using SpaceMedia as the identity provider.
  • Toggle SSO Authentication:
    Enable or disable this feature by using the toggle switch.
Caution: Disabling SSO will revoke all previously issued access tokens, which will impact users who are signed in via SSO.

3. Client Redirect URI

The Client Redirect URI is the URL where users will be redirected after authentication via OAuth2. You must configure this URL to match the one provided by your application during the OAuth2 flow.
  • Enter the Redirect URI in the provided field (e.g., https://your-hostname/uri...).
Note: Ensure that this URL matches the one registered in your OAuth2 client settings.

4. OAuth 2 Client ID & Client Secret

Once SSO Authentication is enabled, SpaceMedia will generate an OAuth 2 Client ID and Client Secret for your organization. These credentials are required for initiating the OAuth2 flow and exchanging authorization codes for access tokens.
  • OAuth Client ID: This unique identifier is generated for your organization and can be used to authenticate with SpaceMedia’s identity system.
  • OAuth Client Secret: The secret key used in conjunction with the client ID for securely making requests.
Note: If the client ID and secret are already generated, they will be displayed in the settings, but they cannot be modified. To regenerate the credentials, you can click the Re-generate button.

5. Generate/Re-generate Client ID & Secret

If you need to generate new OAuth Client ID and Secret, click on the Generate Client ID & Secret button. This will create new credentials that can be used for integrating SSO.
Re-generation: If new credentials are required (e.g., for security reasons or changing the integration), you can click Re-generate to create a new client ID and secret.

6. Save Changes

After configuring the Client Redirect URI and enabling SSO authentication, make sure to click Save Changes to apply your settings. This will update the authentication configuration for your organization and make it live for user sign-ins via SSO.
This page provides the necessary steps to configure SpaceMedia to act as an identity provider for your organization. By enabling SSO Authentication, you can simplify user sign-ins and manage authentication centrally. Ensure that your OAuth2 integration is correctly set up by following the steps outlined in this guide. Let us know if you need any assistance with the integration!