OAuth 2.0

Integrating SEI with an OAuth 2.0 provider—such as Microsoft, Google, Auth0, or Okta—enables secure single sign-on (SSO) for your users. This setup lets users authenticate with their existing company credentials instead of creating separate passwords for SEI.

To configure OAuth 2.0 authentication, register SEI as an application with your provider and enter the required connection parameters on the Authentication page. Each application and add-in may require specific redirect URLs.

important

For security and compliance reasons:

  • Avoid multitenant configurations – use single‑tenant to reduce cross‑tenant access risks.
  • Avoid using email as the user identifier – emails can change and may not be unique. Prefer claims such as oid or sub.

Common providers

Registration steps

SEI and the Excel Add-in each require specific redirect URLs. Register both URLs as authorized redirect URIs with your provider to allow users to sign in to both components.

  1. Log in to your OAuth provider’s admin portal.
  2. Register a new application or client (follow the provider's documentation for this process).
  3. Collect the required parameters as listed below.
  4. Log in to SEI.
  5. In the navigation panel, select the gear icon to open Administration.
  6. Select Security, then Authentication.
  7. Create a new OAuth 2.0 provider entry using these values.

tip

For a full configuration example, see OAuth 2.0 Configuration Example.

Required parameters

| Parameter | Description |
|---|---|
| Client ID | Identifies SEI as a registered application to the provider and builds login URLs. |
| Client Secret | Secures client authentication between SEI and the OAuth provider. |
| Authorization Endpoint | Directs users to the provider’s login for consent and returns an authorization code. |
| Token Endpoint | Issues an access token to SEI in exchange for a valid authorization code. |
| User Info Endpoint | Supplies user profile data to be mapped to SEI accounts after successful login. |
| Scopes | Defines and limits what user account information SEI can access; scopes prompt user consent. |
| Discovery Endpoint | (Optional) Provides metadata for the OAuth provider and helps automated configuration. |
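
The check below is an added example, not SEI code: it lints a planned provider entry against the guidance on this page (single-tenant endpoints, a user identifier other than email) and against the provider's discovery metadata before the values are entered. The dictionary keys, `lint_provider`, the tenant ID, and the sample entries are hypothetical; the Microsoft tenant aliases are the publicly documented ones.

```python
from urllib.parse import urlparse

# Microsoft tenant aliases that admit users from more than one tenant.
MULTITENANT_ALIASES = {"common", "organizations", "consumers"}
# Claims that can change or collide; preferred_username is added here
# beyond the page's email warning (OIDC Core marks it as non-unique).
MUTABLE_ID_CLAIMS = {"email", "preferred_username"}
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")


def lint_provider(cfg, discovery=None):
    """Return findings for a planned OAuth 2.0 provider entry (hypothetical keys)."""
    findings = []
    for key in ENDPOINT_KEYS:
        url = urlparse(cfg.get(key, ""))
        if url.scheme != "https":
            findings.append(f"{key}: must be an https URL")
        if url.hostname == "login.microsoftonline.com":
            tenant = url.path.strip("/").split("/")[0]
            if tenant in MULTITENANT_ALIASES:
                findings.append(f"{key}: multitenant alias '{tenant}', use the tenant ID")
        # A value that drifts from the discovery document is usually a typo
        # or an endpoint copied from a different tenant or provider.
        if discovery and discovery.get(key) != cfg.get(key):
            findings.append(f"{key}: differs from discovery metadata")
    if cfg.get("user_id_claim") in MUTABLE_ID_CLAIMS:
        findings.append("user_id_claim: mutable identifier, prefer 'oid' or 'sub'")
    return findings


# Constructed sample data; the tenant ID is a placeholder.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = "https://login.microsoftonline.com"
DISCOVERY = {  # shaped like an OIDC discovery document
    "authorization_endpoint": f"{BASE}/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/{TENANT}/oauth2/v2.0/token",
    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
}
GOOD = dict(DISCOVERY, user_id_claim="oid")
BAD = dict(GOOD, user_id_claim="email",
           authorization_endpoint=f"{BASE}/common/oauth2/v2.0/authorize")

if __name__ == "__main__":
    for finding in lint_provider(BAD, DISCOVERY):
        print(finding)
```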