6.6.2.External login provider configuration
To configure a new login provider, click +new on the Logins provider page. The Login providers dialog will open which requires to:
- name the provider,
- choose a supported external provider from the Provider type list,
- set the provider availability – here you may set the applications that will use the given provider
- fill the required fields – detailed below for the provider types
- and click on OK to save the settings.
Configuring Google OAuth:
contentACCESS supports Google authentication as well. Would you like to use it, you need to apply for a Client ID and Client Secret by registering the contentACCESS application on the Google Developers Console page first. Open the page, sign in with your Google account and follow these steps:
- Click “Create a project” in the upper right “Select a project” menu:
- Name your project and create it:
- If the API Manager page isn’t already open, open the console menu and select “API manager”. On the left, click “Credentials”.
- Click “Create credentials”, then select “OAuth client ID”.
- If this is your first time creating a client ID, configure your consent screen by clicking “Configure consent screen”.
- Enter the product name and fill the optional fields if you want. Save your settings.
- Select the WEB application type for your project and enter JavaScript Origins, redirect URLs or both to the appropriate text fields.
- Click “Create” on the Google developers console and the Client ID and Client Secret will be created automatically. Save these values somewhere on your computer:
Use the URLs accessible in the Google login provider’s window in contentACCESS Central Administration, like in the blue frame on the picture below.
Now configure your Login provider in contentACCESS Central Administration. Open the Login providers page (System => Security => Login providers), click here on “+new”. In the Login providers window name your provider, select Google provider type and choose the application that should use this authentication type. Further enter the Client ID and Client Secret from step 8) to the respective text fields, and click OK.
Configuring Azure login provider:
contentACCESS supports log in using your Microsoft account. The first thing you need to do is to register an application (contentACCESS) under your Microsoft account. We used jack.bolton@tech-arrow.com personal account for the registration in our use case below.
- Go to the Windows Live application management site and sign in.
- Click “Add an app“ and name your application. The name that you specify should contain only alphanumeric characters and cannot be changed after registration is complete.
- The Application ID will be later used as the Client ID in your application (in the Login provider’s window of contentACCESS Central Administration).
- Click option Generate New Password. This will be the ClientSecret in your application. You should record this key, but we recommend that you do not store it in the same location as its corresponding client ID:
- Choose your application platform: Click “Add platform” and choose “Web“.
- Now you can specify the redirect URIs (– more with clicking on the Add Url button). Use the URL displayed in the Login provider’s window of the contentCCESS Central Administration.
Sample: https://[contentACCESS_Server:Port_Number]/CentralAdministration/LoginOAuth2.aspx/oauth2callback
- Upload your application logo, add terms of services and Privacy Statement. If you want to use the personal accounts too, you need to check the Live SDK support. Save your changes.
- Open the Login providers page (System => Security => Login providers) and click +new. Name your provider, select the “Azure” provider type and specify the applications that will use the Azure login (All applications/contentACCESS only/contentWEB only/Client applications only). Enter the Client ID and ClientSecret from steps 3) and 4) above and click “OK”.
Now configure the Azure login provider in the contentACCESS Central Administration.
With this step, this new login provider configuration has been enabled in contentACCESS. A user can use the configured login provider if this login type is associated with him. In the following subchapter we will learn how to associate a login type with a user.