Single Sign On with OAuth 2

Owned by Felix Bauer
Last updated: Jun 12, 2023 by Olek Pucher
1 min read

We support OAuth in flexible configurations. This includes also OIDC and connections to Microsoft AD FS.

Information that is needed by us

You need to get the following information from the OAuth Provider:

  • Client ID

  • Client Secret (Please don’t share via mail)

  • Authorization Endpoint (URL)

  • Token Endpoint (URL)

  • Userinfo Endpoint (URL, not necessary for OIDC/ADFS)

  • Mapping between claim names (see below)

Information that is needed by you

The following URL needs to be whitelisted in the OAuth Provider:

https://[domain of 3YOURMIND platform]/auth/oauth/callback/

 

Mapping between claim names

In order to map user information from the OAuth provider to the 3YOURMIND System the following Attribute Mappings are possible. For each of the items in the following table, you can either:

  • Do not provide a mapping. The software will try to fetch the information from the OAuth provider using the “3YOURMIND Key Name”. If email can not be found, the connection fails.

  • Provide a mapping. E.g. first_name may be mapped to GivenName

  • Provide a default value (e.g. city can be “Berlin” for all customers)

3YOURMIND Key Name

Required

Belongs to

Explenation

3YOURMIND Key Name

Required

Belongs to

Explenation

email

yes

User

 

customer_number

no

User

 

first_name

no

User + Address

 

last_name

no

User + Address

 

line1

yes, if address should be created. If this field is missing, no Address will be created

Address

 

zip_code

yes, if address should be created. If this field is missing, no Address will be created

Address

 

city

yes, if address should be created. If this field is missing, no Address will be created

Address

 

country_id

no (if not present, default country will be used)

Address

 

company_name

no

Address (customisable field)

 

vat_id

no

Address (customisable field)

 

department

no

Address (customisable field)

 

title

no

Address

 

line2

no

Address

 

state

no

Address

 

phone_number

no

Address

 

user_panel_access_group

no

UserAccessGroups

Can be one of viewer, buyer. If not provided, the default will be used - refer to Creating and Configuring your Organization | User Roles

 

SetUp

The setup will be carried out by our Technical Support Team. Please get in touch with us to coordinate it.