OAuth Domains
For authenticating users using OAuth and an IDP.
OAuth Domain Configuration

General Configuration Options | Description |
---|---|
Client ID | This will be provided by your IDP. |
Secret Client | This will be provided by your IDP. |
Authorization URL | This will be provided by your IDP. |
Token URL | This will be provided by your IDP. |
User Information URL | This will be provided by your IDP. |
Automatic Provisioning of Users | If enabled, this setting will import a user's email, name, and group membership into Signum the first time the user authenticates against the IDP. If this setting is not enabled, you will need to manually populate these data fields for users. Troubleshooting Tip: You may see the error “User found, but does not belong to any roles” when attempting to log in to Signum after authenticating with the IDP. This is because every user accessing the Admin Web Console must be assigned a Role in Signum, and the authenticating user has not yet been assigned one by the Signum Administrator. This can be solved either by having the System Admin log in to Signum and assign the new Signum user to a role, or by using IDP groups to assign an entire group of users to a particular role, which allows those group members to log in automatically. |
IDP Configuration | Description |
---|---|
Sign-In redirect URI | Configured at your IDP. This value will be “https://the-url-of-your-signum-deployment.com:443/Auth/OAuth2Consumer”. For example, if the URL of your Signum deployment is signumdemo, this value would be “https://signumdemo.com:443/Auth/OAuth2Consumer”. |
OAuth Attribute Mapping

Attribute Mapping Options | Description |
---|---|
Name | The value you have configured for the “name” attribute from your IDP. |
Last Name | The value you have configured for the “last name” attribute from your IDP. |
Email | The value you have configured for the “email” attribute from your IDP. |
Username | The value you have configured for the “username” attribute from your IDP. This option is only available if you do not enable Use email as User Identifier. |
Use Groups | Enable to have Signum use a user's group membership in the claim. |
Groups | The groups to import. |
Use email as User Identifier | Enable this option if your organization uses the email attribute as the identifier for users instead of the username. Note: this option must be configured at the time of domain creation. It is not possible to edit this property once a domain has been created. |
IDP URL Configuration
Users can be sent straight to the IDP login page, skipping the Signum login page, by navigating to a URL in the format below. After authenticating, the user will be sent back to the Signum Admin Web Console.
URL |
---|
https://Your-Signum-URL/login?domain=The-Domain-Alias |
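
A pre-flight check for the Sign-In redirect URI and the IDP-direct login URL described above, as an added example that is not part of Signum or its documentation. It assumes the IDP compares the registered redirect URI as an exact string, so a dropped `:443`, different letter case, or a trailing slash would all count as mismatches; the function names and the `corp-oauth` alias are made up for illustration.

```python
from urllib.parse import quote, urlsplit

CALLBACK_PATH = "/Auth/OAuth2Consumer"  # path from the Sign-In redirect URI row


def expected_redirect_uri(host):
    """Redirect URI in the documented form: https, explicit :443, fixed path."""
    return f"https://{host}:443{CALLBACK_PATH}"


def check_registered_uri(registered, host):
    """List the ways the URI registered at the IDP differs from the documented one."""
    if registered == expected_redirect_uri(host):
        return []
    parts = urlsplit(registered)
    problems = []
    if parts.scheme != "https":
        problems.append(f"scheme {parts.scheme!r} is not https")
    if parts.hostname != host.lower():
        problems.append(f"host {parts.hostname!r} is not {host!r}")
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = "invalid"
    if port != 443:
        problems.append(f"port {port!r} is not the explicit 443 of the documented value")
    if parts.path != CALLBACK_PATH:
        problems.append(f"path {parts.path!r} is not {CALLBACK_PATH!r} (case and trailing slash count)")
    if parts.query or parts.fragment:
        problems.append("query string or fragment present")
    return problems or ["differs from the documented value in letter case or formatting"]


def direct_login_url(signum_url, domain_alias):
    """URL that skips the Signum login page; the alias is percent-encoded."""
    return f"https://{signum_url}/login?domain={quote(domain_alias, safe='')}"


if __name__ == "__main__":
    host = "signumdemo.com"  # the page's example deployment
    for uri in (  # constructed sample registrations
        "https://signumdemo.com:443/Auth/OAuth2Consumer",
        "https://signumdemo.com/Auth/OAuth2Consumer",
        "http://signumdemo.com:443/auth/oauth2consumer/",
    ):
        print(uri, "->", check_registered_uri(uri, host) or "OK")
    print(direct_login_url(host, "corp-oauth"))  # "corp-oauth" is a made-up alias
```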