OAuth 2.0 Configuration Example
This section explains how to configure OAuth 2.0 providers for Microsoft and Google, with reference examples for each. For detail about each parameter, see Authentication.
Microsoft
Provider information
| Parameter | Example |
|---|---|
| Client ID | 11de338f-3443-4c96-8fa5-81e5c682af10Specifies the application’s unique identifier. Find it on the Overview page in Azure. |
| Client Secret | (hidden for security; enter yours here) Provides secure client authentication. Create under Certificates & secrets. |
| Discovery Endpoint | https://login.microsoftonline.com/6fe2c527-u776-4v20-kqq8-a63670f1043r//v2.0/.well-known/openid-configurationPoints to Azure OpenID Connect metadata. Find under Endpoints in Overview. |
| Authorization Endpoint | https://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b69640f1056b/oauth2/v2.0/authorizePoints to Azure OpenID Connect metadata. Find under Endpoints in Overview. |
| Token Endpoint | https://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b69640f1056b/oauth2/v2.0/tokenPoints to Azure OpenID Connect metadata. Find under Endpoints in Overview. |
| User Info Endpoint | https://graph.microsoft.com/oidc/userinfoRetrieves authenticated user profiles. |
| Scopes | openid, email, offline_access Defines access levels and claims included in the authentication process. |
Authentication configuration example
| Field | Example |
|---|---|
| Activate | Enabled |
| Description | Sign In With Azure[OAuth] |
| Client ID | 11de338f-3443-4c96-8fa5-81e5c682af10 |
| Client Secret | (hidden for security; enter yours here) |
| Discovery Endpoint | https://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b6964f01056b/v2.0/.well-known/openid-configuration |
| Authorization Endpoint | https://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b6964f01056b/oauth2/v2.0/authorize |
| Token Endpoint | https://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b6964f01056b/oauth2/v2.0/token |
| Scope | openid, email, offline_access |
| Redirect URLs |
|
| User Info Endpoint | https://graph.microsoft.com/oidc/userinfo |
| User Identifier | ID token claim for matching users. Prefer sub or oid for multitenant setups."sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09" |
| Prompt | select_account |
| Force reauthentication | Off |
Map users example
| Field | Example |
|---|---|
| Username | ADMIN |
| Name | ADMIN |
admin@companyname.com | |
| User Identifier | "sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09" |
Google
Provider information
| Parameter | Example |
|---|---|
| Client ID | 343312345323453-t3424qpj03iie75appleqasff42ksq322.apps.googleusercontent.comSpecifies the application’s unique identifier. Find it on the Overview page in Azure. |
| Client Secret | (hidden for security; enter yours here) Provides secure client authentication. Create under Certificates & secrets. |
| Authorization Endpoint | https://accounts.google.com/o/oauth2/v2/authGeneric endpoint. Find in Authenticating the user. |
| Token Endpoint | https://oauth2.googleapis.com/tokenGeneric endpoint. Find in Authenticating the user. |
| User Info Endpoint | https://openidconnect.googleapis.com/v1/userinfoGeneric endpoint for all registered applications |
| Scopes | openid, email Defines access levels and claims included in the authentication process. |
| Discovery Endpoint | https://accounts.google.com/.well-known/openid-configurationGeneric endpoint. Find in Discovery document. |
Authentication configuration example
| Field | Example |
|---|---|
| Activate | Enables |
| Description | Sign In With Azure[OAuth] |
| Client ID | 343313245323453-t342qjpj03iie75appleqsaff42ksq322.apps.googleusercontent.com |
| Client Secret | (hidden for security; enter yours here) |
| Discovery Endpoint | https://accounts.google.com/.well-known/openid-configuration |
| Authorization Endpoint | https://accounts.google.com/o/oauth2/v2/auth |
| Token Endpoint | https://oauth2.googleapis.com/token |
| Scope | openid, email |
| Redirect URLs |
|
| User Info Endpoint | https://openidconnect.googleapis.com/v1/userinfo |
| User Identifier | ID token claim for matching users. Prefer sub or oid for multitenant setups."sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09" |
Map users example
| Field | Example |
|---|---|
| Username | ADMIN |
| Name | ADMIN |
admin@companyname.com | |
| User Identifier | "sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09" |