
OAuth Domains

After selecting an alias and the OAuth2 domain type, the Domain configuration wizard will present the options for configuring the OAuth Domain as seen below.

OAuth Domain Configuration

| General Configuration Options | Description |
| --- | --- |
| Client ID | This will be provided by your IDP. |
| Secret Client | This will be provided by your IDP. |
| Authorization URL | This will be provided by your IDP. |
| Token URL | This will be provided by your IDP. |
| User Information URL | This will be provided by your IDP. |
| Automatic Provisioning of Users | If enabled, this setting will import a user's email, name, and group membership into Signum the first time the user authenticates against the IDP. If this setting is not enabled, you will need to manually populate these data fields for users. |

Troubleshooting Tip

You may see the error “User found, but does not belong to any roles” when attempting to log in to Signum after authenticating with the IDP. This happens because every user accessing the Admin Web Console must be assigned a Role in Signum, and the authenticating user has not yet been assigned one by the Signum Administrator. To resolve it, either have the System Admin log in to Signum and assign the new Signum user to a role, or use IDP groups to assign an entire group of users to a particular role, which allows those group members to log in automatically.

| IDP Configuration | Description |
| --- | --- |
| URL for Assertions | Configured at your IDP. This value will be “https://the-url-of-your-signum-deployment.com:443/Auth/OAuth2Consumer”. For example, if your Signum deployment is at signumdemo.com, this value would be “https://signumdemo.com:443/Auth/OAuth2Consumer”. |

OAuth Attribute Mapping

| Attribute Mapping Options | Description |
| --- | --- |
| Name | The value you have configured for the “name” attribute from your IDP. |
| Last Name | The value you have configured for the “last name” attribute from your IDP. |
| Email | The value you have configured for the “email” attribute from your IDP. |
| Username | The value you have configured for the “username” attribute from your IDP. This option is only available if you do not enable Use email as User Identifier. |
| Use Groups | Enable to have Signum use a user's group membership in the claim. |
| Groups | The groups to import. |
| Use email as User Identifier | Enable this option if your organization uses the email attribute as the identifier for users instead of the username. Note that this option must be configured at the time of domain creation. It is not possible to edit this property once a domain has been created. |
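
A pre-flight check for the Attribute Mapping options above, run against a response from the IDP's User Information URL before the domain is created. This is an added example, not Signum code: the sample response, the claim names (including `groups`), and the `check_mapping` helper are all assumptions chosen for illustration.

```python
import json

# Constructed sample of what an IDP's User Information URL might return.
SAMPLE_USERINFO = json.loads("""{
  "given_name": "Ada", "family_name": "Lovelace",
  "email": "ada@example.com", "preferred_username": "alovelace",
  "groups": ["signum-admins", "engineering"]
}""")

# Hypothetical mapping: keys mirror the Attribute Mapping options on this page,
# values are the claim names you would enter for each option.
MAPPING = {"Name": "given_name", "Last Name": "family_name",
           "Email": "email", "Username": "preferred_username"}


def check_mapping(userinfo, mapping, use_email_as_id=False,
                  use_groups=False, groups_claim="groups", wanted_groups=()):
    """Return a list of problems; an empty list means every mapping resolves."""
    problems = []
    fields = dict(mapping)
    if use_email_as_id:
        fields.pop("Username", None)  # Username is not configurable in this mode
    for option, claim in fields.items():
        value = userinfo.get(claim)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{option}: claim '{claim}' missing or empty")
    if use_groups:
        groups = userinfo.get(groups_claim)
        if isinstance(groups, str):
            groups = [groups]  # tolerate a single group sent as a bare string
        if not isinstance(groups, list) or not groups:
            problems.append(f"Use Groups: claim '{groups_claim}' missing or empty")
        else:
            missing = sorted(set(wanted_groups) - set(groups))
            if missing:
                problems.append(f"Groups: user is not in {missing}")
    return problems


if __name__ == "__main__":
    result = check_mapping(SAMPLE_USERINFO, MAPPING, use_groups=True,
                           wanted_groups=["signum-admins"])
    for line in result or ["mapping OK"]:
        print(line)
```

Because Use email as User Identifier cannot be edited after the domain is created, run the check in both modes against a real test account's response before committing to one.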

IDP URL Configuration

Users can be sent straight to the IDP login page, skipping the Signum login page, by navigating to a URL in the format below. After authenticating, the user will be sent back to the Signum Admin Web Console.

URL

https://Your-Signum-URL/login?domain=The-Domain-Alias
