You are reading the documentation for an outdated Corteza release. 2024.9 is the latest stable Corteza release.

External Authentication Providers

The use of external authentication providers allows your users to use external services (such as Google and GitHub) for authentication purposes. External providers can be defined in the Corteza Admin panel, under the System  Settings  External authentication providers.

Annotated image

To enable an external authentication provider, you must register Corteza as a client using the provider’s user interface. Once you’ve obtained the user key and secret, you can configure Corteza using the admin panel. External providers become effective immediately without server restart.

Authentication Providers

Google

To enable Google authentication, you need to retrieve your application credentials:
  1. Go to Google Sign-in Guide and click on "Configure a project" button.

  2. Select an existing or create a new project.

  3. Set a product name.

  4. On "Configure your OAuth client" screen select "Web browser" and paste the URL where your Corteza system is running (including https://).

  5. Copy and paste both Client ID and Client Secret fields to Corteza Admin.

Facebook

To enable Facebook authentication, you need to retrieve your application credentials:
  1. Go to Facebook for developers website, click on "Add a new app" or select an existing app.

  2. On the list of available products search for "Facebook Login" and click on the "Set Up" button.

  3. Select "Web" platform and paste the URL where your Corteza system is running.

  4. Go to "Settings" and then "Basic" in the left sidebar.

  5. Copy and paste both App ID and App Secret fields to Corteza Admin; app ID maps to client key, app secret maps to secret.

GitHub

To enable GitHub authentication, you need to retrieve your application credentials:
  1. Go to GitHub and create a new OAuth application.

  2. Copy and paste both Client ID and Client Secret fields to Corteza Admin.

LinkedIn

To enable LinkedIn authentication, you need to retrieve your application credentials:
  1. Go to LinkedIn, fill out the form and click on "Create app".

  2. Go to Auth section and copy and paste both the Client ID and Client Secret fields to Corteza Admin.

Unresolved include directive in modules/integrator-guide/pages/authentication/external/index.adoc - include::saml.adoc[]

Adjust user role membership

Each of the external authentication providers supports restricting and adjusting the user’s role membership when a specific external authentication provider is used.

When using in combination with security settings on authentication client, settings from the authentication client are applied first, then settings from external authentication provider.

To configure role membership, click on the edit icon next to the external authentication provider.

Annotated image

On the bottom of the modal you should see three inputs for permitted, prohibited, and forced roles.

Annotated image

Permitted roles

List of roles that users are allowed to keep.

Prohibited roles

List of roles that are removed from user.

Forced roles

List of roles that are added to user when authenticating with this external provider.