help.sitevision.se always refers to the latest version of Sitevision

Add OAuth2 configuration

Add Oauth2 confoguration

General

Name

Enter a name for your login.

Identifier

Here you enter a UNIQUE identifier with only characters a-z, 0-9, _ and -

Description

Here you fill in a description about each Oauth2 configuration, e.g. what it will be used for, who/what uses it, etc.

Client ID

Client ID

Here you enter the client ID and client secret that you have from, for example, Azure, Google or Instagram.

Client ID

Here you enter the client ID from the underlying system.

Client secret

Here you enter the client secret from the underlying system.

Authentication provider

Authentication provider

Here you select the login service you want to connect to. There are a number of predefined login services set up. If you are using a different one, you can use the 'Generic' option.

  • Microsoft Azure - This will prompt you to enter the Tenant ID. This can also be called Directory ID, Directory ID or Client Organization
  • Google
  • Instagram
  • Generic
    - Publisher: Specifies an address for the login service.
    - Authorization endpoint URL: You find this url from your login service
    - Token endpoint URL: This url you find out from your login service
    - Client authorization method: Specifies how SiteVision will identify itself when contacting the login service. Default is 'client_secret_basic'. Some login services only support 'client_secret_post'. For non-confidential OAuth2 apps without client secrecy, specify 'none'.
Scopes

Scopes

Scopes are the permissions that will be requested by the user at login. The permissions are different for different resource servers.

Example of scopes for the Microsoft Graph API. When the scopes below are requested for a user, the user will have to authorize the OAuth2-App to read the user's files and to read and write in the user's calendars.

  • Files.Read
  • Calendars.ReadWrite

Default scopes

Default scopes are specified for cases where an Extension requests permissions for a user. These scopes will always be requested at login. The individual extension also has the option to request additional scopes.

Here it is a good idea to add the scopes to be requested by all users

Avoid scopes that require admin permissions on the resource server. If such scopes are sent, only administrators can log in

Click on the Add scope link to add a scope.

Application scopes

Specifies all scopes to be requested when an extension makes a call as an OAuth2 App. The extension has no option to add more scopes.

Click the Add scope link to add a scope.

The page published:

Did the information help you?