
Single Sign-On

Cobot supports single sign-on (SSO). This means members and admins can log in using various identity providers instead of having to set up a password for Cobot. This can be set up via identity providers that support either OpenID Connect or OAuth2.

OpenID Connect is supported by some big tech companies, so your members can log in with their existing accounts. In addition, dedicated identity providers let you set up your own user management.

  • Google
  • Microsoft Azure Active Directory
  • Sign in with Apple
  • Auth0 / Okta (these also support social logins: Google, Facebook, LinkedIn, Twitter, GitHub, etc.)

OAuth2 requires more technical knowledge but is supported by more services and open-source projects.

  • WordPress OAuth / WP OAuth Server
  • Slack
  • Facebook
  • LinkedIn

To set up SSO, click Setup » Single Sign-on » Add Provider, and follow the guides.

Here are the configuration steps for a few popular providers:

Unfortunately, Slack's OAuth2 implementation deviates from the standard, requiring a bit of extra setup.

To set up Cobot Single Sign-on (SSO) with Slack:

  • Create an app on Slack with the identity.basic and identity.email scopes.
  • Create a login provider configuration on Cobot under Setup -> Single Sign-on -> Add OAuth 2 Provider.
  • Fill out the form as below:

Slack configuration

Google uses OpenID Connect, which makes the setup very easy.

  • Create an app on Google.
  • Create a login provider configuration on Cobot under Setup -> Single Sign-on -> Add OpenID Connect Provider.
  • Fill out the form as below (add the Client ID/secret from Google):

Google configuration

More information about using Google for OpenID Connect can be found here:

https://developers.google.com/identity/protocols/oauth2/openid-connect

Microsoft implements OpenID Connect only partially, so the setup is not as easy as it should be. When setting up SSO, select OAuth 2 and not OpenID Connect.

Fill out the form as below, replacing <TENANT_ID> with your tenant ID from Microsoft.

  • Authentication URL: https://<TENANT_ID>.b2clogin.com/<TENANT_ID>.onmicrosoft.com/B2C_1A_PortaleStdFtc_SI/oauth2/v2.0/authorize
  • Access Token Endpoint URL: https://<TENANT_ID>.b2clogin.com/<TENANT_ID>.onmicrosoft.com/B2C_1A_PortaleStdFtc_SI/oauth2/v2.0/token
  • Access Token Scope: openid
  • User Endpoint URL: https://www.<TENANT_ID>.it/infederazioneservices/api/v1/user/currentuser
  • User Email JSON Pointer: /email
  • Access Token JSON Pointer: /id_token

For more information see https://docs.microsoft.com/en-us/azure/active-directory-b2c/openid-connect
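
How the two JSON Pointer fields above select values, as an added example (not Cobot's code). It assumes the Access Token JSON Pointer is applied to the token endpoint's JSON response and the User Email JSON Pointer to the user endpoint's response; the sample responses and all function names are constructed for illustration.

```python
import json


class PointerError(ValueError):
    """A configured JSON Pointer did not resolve to a usable value."""


def resolve_pointer(document, pointer):
    """Resolve an RFC 6901 JSON Pointer against already-parsed JSON."""
    if pointer == "":
        return document
    if not pointer.startswith("/"):
        raise PointerError(f"pointer must start with '/': {pointer!r}")
    current = document
    for raw in pointer[1:].split("/"):
        # RFC 6901 escapes: "~1" is "/", "~0" is "~"; decode "~1" first.
        token = raw.replace("~1", "/").replace("~0", "~")
        if isinstance(current, dict) and token in current:
            current = current[token]
        elif (isinstance(current, list) and token.isascii() and token.isdigit()
              and str(int(token)) == token and int(token) < len(current)):
            current = current[int(token)]
        else:
            raise PointerError(f"{pointer!r} has no element {token!r}")
    return current


def extract_string(body, pointer):
    """Parse a JSON response body and return the non-empty string at pointer."""
    value = resolve_pointer(json.loads(body), pointer)
    if not isinstance(value, str) or not value:
        raise PointerError(f"{pointer!r} did not resolve to a non-empty string")
    return value


# Constructed sample responses, not captured from any provider.
TOKEN_RESPONSE = '{"token_type": "Bearer", "expires_in": 3600, "id_token": "constructed.sample.token"}'
USER_RESPONSE = '{"email": "member@example.com", "name": "Sample Member"}'


def check_config(token_pointer, email_pointer):
    """Return (token, email) as the two configured pointers would select them."""
    return (extract_string(TOKEN_RESPONSE, token_pointer),
            extract_string(USER_RESPONSE, email_pointer))


if __name__ == "__main__":
    print(check_config("/id_token", "/email"))
```

A pointer such as /access_token raises PointerError against the constructed token response, because that response carries the token only under id_token.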
