Cobot supports single sign-on (SSO). This means members and admins can log in using various identity providers instead of having to set up a password for Cobot. This can be set up via identity providers that support either OpenID Connect or OAuth2.
OpenID Connect is supported by some big tech companies, so your members can log in with their existing accounts. In addition, dedicated identity providers let you set up your own user management.
Google
Microsoft Azure Active Directory
Sign in with Apple
Auth0 / Okta (also support social logins: Google, Facebook, LinkedIn, Twitter, GitHub, etc.)
OAuth2 requires more technical knowledge but is supported by more services and open-source projects.
WordPress OAuth / WP OAuth Server
Slack
Facebook
LinkedIn
To set up SSO, click Setup » Single Sign-on » Add Provider, and follow the guides. After adding a provider, you will be given a single sign-on link to place on your website.
Optionally, links can be added to the login and signup forms on Cobot. Members who visit this link will be able to sign up and log in to this space on Cobot using said provider. The provider must support the OAuth2 or OpenID Connect protocol, which will be used to authenticate members.
Here are the configuration steps for a few popular providers:
Slack
Unfortunately, Slack's OAuth2 implementation deviates from the standard, requiring a bit of extra setup.
To set up Cobot Single Sign-on (SSO) with Slack:
Create an app on Slack: go to https://api.slack.com/apps/new
Click on From scratch.
Give it a name and select the Slack workspace to use.
Copy the Client ID and Client Secret for later.
Click on OAuth & Permissions in the left column. Scroll down to Scopes.
Under User Token Scopes add identity.basic and identity.email.
Leave this page open and open your Cobot space in a new tab. Click on Setup → Single Sign-on → Add Provider → Add OAuth 2 Provider.
Fill out the form as below:
Name: Slack (or anything else, this will be shown on the login button)
OAuth Client ID: the Client ID from Slack
OAuth Client Secret: the Client Secret from Slack
Show link: check
Debug mode: don't check.
Access Token Endpoint URL: https://slack.com/api/oauth.v2.access
Access Token Scope: leave blank
User Endpoint URL: https://slack.com/api/users.identity
User Email JSON Pointer: /user/email
Access Token JSON Pointer: /authed_user/access_token
Click Save.
Click on the link with the name you entered in the form.
Copy the OAuth Redirect URL. Go back to the tab with your Slack app that you left open.
On the OAuth & Permissions page, scroll down to Redirect URLs.
Add the redirect URL from the previous step. Click Save URLs.
Now when people try to log in to your Cobot space, they see a button Log in with Slack.
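The two JSON Pointer fields in the Slack form are RFC 6901 paths into Slack's JSON responses: Slack nests the user token under authed_user instead of returning a top-level access_token as standard OAuth2 token responses do. The sketch below is an added example, not Cobot's code; the sample response bodies are constructed placeholders and the function names are hypothetical. It shows how the two pointers resolve and how a wrong pointer fails.

```python
import json

def resolve_pointer(doc, pointer):
    """Resolve an RFC 6901 JSON Pointer (e.g. /authed_user/access_token)."""
    if pointer == "":
        return doc
    if not pointer.startswith("/"):
        raise ValueError(f"JSON Pointer must start with '/': {pointer!r}")
    for raw in pointer[1:].split("/"):
        # Unescape ~1 before ~0, as RFC 6901 requires.
        token = raw.replace("~1", "/").replace("~0", "~")
        if isinstance(doc, dict):
            doc = doc[token]                      # KeyError if absent
        elif isinstance(doc, list) and token.isascii() and token.isdigit():
            doc = doc[int(token)]                 # IndexError if out of range
        else:
            raise LookupError(f"cannot follow {token!r} in {pointer!r}")
    return doc

# Constructed sample bodies in the shape of Slack's responses; values are placeholders.
TOKEN_RESPONSE = json.loads("""{"ok": true,
  "authed_user": {"id": "U0EXAMPLE", "scope": "identity.basic,identity.email",
                  "access_token": "EXAMPLE-USER-TOKEN", "token_type": "user"},
  "team": {"id": "T0EXAMPLE"}}""")
IDENTITY_RESPONSE = json.loads("""{"ok": true,
  "user": {"name": "Example Member", "id": "U0EXAMPLE", "email": "member@example.com"},
  "team": {"id": "T0EXAMPLE"}}""")

def extract(body, pointer, label):
    """Return the non-empty string at `pointer`, or raise with a diagnosable message."""
    if body.get("ok") is False:  # Slack reports failures inside the JSON body
        raise RuntimeError(f"{label}: Slack error {body.get('error')!r}")
    try:
        value = resolve_pointer(body, pointer)
    except LookupError:
        # Report key names only, never values, so tokens stay out of logs.
        raise LookupError(
            f"{label}: {pointer!r} not found; top-level keys are {sorted(body)}") from None
    if not isinstance(value, str) or not value:
        raise TypeError(f"{label}: {pointer!r} is not a non-empty string")
    return value

if __name__ == "__main__":
    print(extract(TOKEN_RESPONSE, "/authed_user/access_token", "access token"))
    print(extract(IDENTITY_RESPONSE, "/user/email", "email"))
```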
Google
Google uses OpenID Connect, which makes the setup very easy.
Create an app on Google
Create a login provider configuration on Cobot under Setup -> Single Sign-on -> Add OpenID Connect Provider and fill out the form as below (add the Client ID/secret from Google):
More information about using Google for OpenID Connect can be found here.
Microsoft Azure Active Directory B2C
Microsoft supports only part of OpenID Connect, so the setup is not as easy as it should be. When setting up SSO, select OAuth 2 and not OpenID Connect.
Fill out the form as below, replacing <TENANT_ID> with your tenant id from Microsoft.
Authentication URL: https://<TENANT_ID>.b2clogin.com/<TENANT_ID>.onmicrosoft.com/B2C_1A_PortaleStdFtc_SI/oauth2/v2.0/authorize
Access Token Endpoint URL: https://<TENANT_ID>.b2clogin.com/<TENANT_ID>.onmicrosoft.com/B2C_1A_PortaleStdFtc_SI/oauth2/v2.0/token
Access Token Scope: openid
User Endpoint URL:
User Email JSON Pointer:
Access Token JSON Pointer: /id_token
For more information, click here.