Configuring OAuth 2.0
After creating a OAuth 2.0 provider in Identity Providers, the following tabs must be configured:
Note: For detailed information OAuth configuration, please refer to the OAuth documentation.
Identify Provider Settings
|
Parameter |
Description |
|---|---|
|
Name |
Defined when adding the provider, the name you want to give this connection. |
|
Map By Email? |
Select this to map the emails provided by the remote system, to those already provided in your 1Data Gateway installation. Creates identity provider links as users log in. If you do not select Map By Email you will need to configure Users. See the Configuring OAuth 2.0 section for more. |
|
Create missing users on login? |
When a User logs in via this Identity Provider, if they do not have a user profile in the system they will have a user profile created. This allows groups to be mapped to Identity Providers, allowing access to be restricted to groups. |
|
Email Attribute |
The name of the attribute that contains emails in your identity provider. |
|
Name Attribute |
The name of the attribute that contains users names in your identity provider. |
|
Group Attribute |
The name of the attribute that contains groups in your identity provider. |
|
Map supplier membership by group |
Enable this to access the Supplier Mappings tab. |
|
Map receiver permission by group |
Enable this to access the Receiver Mappings tab. |
|
SSO required? |
Select to force users to connect to 1Data Gateway through single sign on. Note: If this is set, the user accounts linked to the IDP cannot login using a 1Data Gateway local password and must authenticate against the remote system. |
Service Settings
|
Parameter |
Description |
|---|---|
|
Authentication Method |
Select which method should be used to make the User Info request. |
|
Client Id |
The client Id associated with the OAuth registration. |
|
Client Secret |
The client secret associated with the OAuth registration. |
|
Scopes |
Define the scope to limit access to specific values in the users account. e.g: email Note: The name of these values will change depending on the values within your setup. |
|
Authorization URI |
The location of the authorization token for the OAuth connection. |
|
Token URI |
The location of the OAuth token. |
|
Jwk set URI |
The location of a JSON Web Key used for authentication. |
|
User Info URI |
The location of the users information where the tokens are sent. |
|
User Name Attribute Name |
The name of the attribute in your authentication provider configuration that stores the Users names. |
|
User Info Authentication Method |
What method should be used to make the Authentication request. |
Supplier Mapping
After enabling and saving Map supplier membership by group in the Identity Provider Settings tab, the Supplier Mapping tab will appear.
You can create mappings that automatically add users to a supplier based on groups by clicking the 
button and entering the group.
Mappings can be deleted by clicking the 
button and confirming deletion.
Receiver Mapping
After enabling and saving Map receiver permissions by group in the Identity Provider Settings tab, the Receiver Mapping tab will appear.
You can create receiver permissions that automatically apply to Users within the specified group by clicking the button and entering the group.
Mappings can be deleted by clicking the button and confirming deletion.