Configuring OAuth2 in Enterprise Management
This part of the guide covers implementing OAuth2 authentication in Enterprise Management. The examples here correspond to the client created in the Creating an OAuth2 Client section.
- Creating an OAuth2 Service
- Linking Your Users to an OAuth2 Service
- Logging In with OAuth2
- Next Steps
Creating an OAuth2 Service
- Go to Administration > Administration > Settings > Authentication > OAuth2 Servers.
- Click New OAuth2 service.
- Enter the following values:
  - Name: Google
  - Display name: Sign in via Google (This value will be displayed on the Enterprise Management login screen as a button.)
  - URL for authorization: https://accounts.google.com/o/oauth2/auth
  - URL to get access token: https://accounts.google.com/o/oauth2/token
  - OAuth2 client ID and OAuth2 client secret: the values correspond to the client ID and the client secret obtained at the end of the Creating a Client ID section.
  - Scope for Oauth2 requests: https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
  - Batch Authentication: check this box
  - URL for requesting user data: https://www.googleapis.com/oauth2/v1/userinfo
  - User field in user name answer: email
- Click Save.
Linking Your Users to an OAuth2 Service
You can now follow these steps to enable OAuth2 authentication for a user:
- In Enterprise Management, go to Administration > Administration > Users > Users.
- In the OAuth2 instance field, select the Google service.
- Set Email to the user’s Google email address.
- Click Save.
Repeat these steps for any users executing web services.
Logging In with OAuth2
OAuth2 is not just for web services; it can provide another way for users to sign in.
- Click the Sign in via Google button on the login screen.
- Once redirected to the Google site, authenticate using your Google account, if not already done.
- When logging in for the first time, allow Enterprise Management to access your Google profile when prompted.
You can also add a direct link (e.g., https://mycompany.sagex3.com/auth/oauth2/Google/loginStart) to your bookmarks and use it to log in.
Note: You will be authenticated until you log out of your Google account, or until you clear your browser’s cookies. As a result, Enterprise Management may not ask you to authenticate each time.
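The following Python code is an added example, not Enterprise Management's own code. Assuming the standard OAuth2 authorization-code grant, it shows how the service values configured above shape the authorization request, and how the "User field in user name answer" setting (email) ties the user-data answer to a linked user. The client ID, redirect URI, user table and login code are placeholders constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Values entered in the OAuth2 service form described on this page.
SERVICE = {
    "auth_url": "https://accounts.google.com/o/oauth2/auth",
    "scope": "https://www.googleapis.com/auth/userinfo.email "
             "https://www.googleapis.com/auth/userinfo.profile",
    "user_field": "email",  # "User field in user name answer"
    "client_id": "CLIENT_ID_PLACEHOLDER",
}
# Placeholder: the page does not give the callback URL registered with Google.
REDIRECT_URI = "https://example.invalid/oauth2/callback"
# Constructed sample: users linked to the Google service, keyed by the
# Email value set in the user record (login codes are hypothetical).
LINKED_USERS = {"jane.doe@example.com": "JDOE"}


def authorization_url(state):
    """Build the URL the browser is sent to when the login button is clicked."""
    return SERVICE["auth_url"] + "?" + urlencode({
        "response_type": "code",
        "client_id": SERVICE["client_id"],
        "redirect_uri": REDIRECT_URI,
        "scope": SERVICE["scope"],
        "state": state,  # random value, checked again when the callback arrives
    })


def resolve_user(userinfo, sent_state, returned_state):
    """Map the user-data answer to a linked user; None means reject the login."""
    if not hmac.compare_digest(sent_state.encode(), returned_state.encode()):
        return None  # callback does not belong to the request we started
    value = userinfo.get(SERVICE["user_field"])
    if not isinstance(value, str):
        return None  # configured field is missing from the answer
    return LINKED_USERS.get(value)  # None for accounts not linked to the service


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(authorization_url(state))
    print(resolve_user({"email": "jane.doe@example.com"}, state, state))
```

A Google account whose email is not set on any user record resolves to no user, which is why the Email field in the linking step must match the Google address exactly.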