Single Sign On (SSO)
What is Single Sign On?
Single Sign On (SSO) is a mechanism that enables your app users to signup or login to your app using their existing providers such as Google, Twitter, and Facebook.
SSO is only available on Pro plans and higher.
Getting started with SSO
To get started with Single Sign On, you must first enable the setting by going to Settings > User Settings > General > Login/Signup Methods and enabling the SSO method that you would like your users to use.
Once enabled, you will need to add the ID and Secret supplied by the provider. In the instructions, below we will demonstrate how to obtain these values from Google, Facebook and Twitter.
To get the Client ID and Client Secret from Google, start by going to the API Credentials Portal in the Google Console: https://console.developers.google.com/apis/credentials
Create OAuth Consent Screen
Create a new OAuth consent screen in your Google Console. This will be where you enter your details about your app, the app logo, and other relevant details. If this will be used only within your organization, select Internal, otherwise External.
After creating the OAuth consent screen, head over to the Credentials menu, click + CREATE CREDENTIALS, and choose OAUTH client ID.
On the next screen, choose:
- Application Type = Web application
- Name = a name of your choice
- Authorize redirect URI's = Get this value from Tadabase (see below)
To get the Callback URL, also knows as Authorized Redirect URLs, get this value from within your app settings for the specific provider you are enabling this for.
Save Credentials to App
Google will then provide you with the Client ID and Client Secret which must be pasted into the SSO settings inside of Tadabase.
Adding SSO to the Signup Component
In order for your users to login to your app using SSO, they must sign up using the login component.
In the coming weeks we will be adding ability to add SSO method to existing users using the Profile component as well as manage and remove SSO methods.
If you have Email signups and logins enabled you can add the Single Sign on methods directly into the Signup form.
When email signups are disabled in the User Settings, and an SSO method is enabled as can be seen in the image below, you must add the SSO links in the Single Sign On (SSO) screen instead:
The default signup for will be replaced with the Single Sign On (SSO) form which will appear during this circumstance. You can add your SSO buttons into the Single Sign On (SSO) form instead
Adding SSO to the Login Component
To add the SSO provider as an option in the login form, open the login form and hover over the column you wish to add it into. Click the + icon and choose Login With Google.
This will add the Login With Google option inside your login component.
SSO on Copied Apps
If a copy of an app with SSO set up has been created and the users of the copied app must be able to use their Google account to log in, you may enable this by adding the callback URL of the copied app to the Authorized URIs of the existing OAuth Client ID for the original app.