Enabling Custom SSO

Custom SSO is one of the OAuth2 SSO methods. Click here to learn more about how OAuth2 SSO works and what other OAuth2 SSO methods Bettermode supports.

Required credentials for setting up Custom SSO

  • Client ID:* An alphanumeric string publicly exposed and used by the service API to identify the application. This is also used to build authorization URLs that are presented to users.

  • Client Secret:* A secret known only to the application and the authorization server. It protects the resources by only granting tokens to authorized requestors.

  • Identity Provider URL:* Domain URL of your SSO provider.

  • Authorization URL:* The endpoint of the SSO provider's authorization server, used to retrieve the authorization code needed to authorize the user's access.

  • Token URL:* The endpoint to retrieve the token.

  • User Profile URL: The URL that Bettermode sends a GET request to, which expects the user's information in JSON format. Learn more about the User's JSON Profile Structure.

  • Scope:* Defines the user fields and the permission that Bettermode should have access to. If you're not sure what it is, you can skip entering any value for it.

  • Login Button Text:* Text defined here will appear on the login page for the users. You can insert any text. For example: Log in with SSO.

  • Settings URL: If defined, the URL a browser redirects to when a user needs to edit their e-mail address, to prevent confusion.

  • Logout URL: After the user is logged out of Bettermode, we send them to the URL provided, where you can log them out of the identity management system as well.

  • Callback URL: The URL a browser redirects to once the authentication process is complete.

Set up OAuth2 SSO

Here is the step-by-step tutorial to set up OAuth2 SSO:

1. Once all the information from the previous section is gathered, log into Bettermode using your admin account, click on your profile picture on the top-right > Administration > Settings > Authentication > and click on the Enable Single sign-on option:

2. Choose Custom Provider as SSO Provider and fill in the required information, as explained in the previous section.
❗Important note: All fields are mandatory.

3. Once updated, toggle the "Enable OAuth2" switch and click Update.

4. Once updated, visit the SSO provider and add the Callback URL. The Callback URL is your community address with /ssos/redirect appended.

5. To test if it is set up correctly, visit the community URL (example: https://community1.blogha.com) and click on the Login button. Authenticate using existing/new credentials on the SSO login page.

6. Congratulations! OAuth2 SSO is now up and running!
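
A pre-flight check for the values entered in step 2 and the Callback URL registered in step 4, as an added example that is not Bettermode's own code. The dictionary key names, the choice of which fields to require, and the sample identity provider values are assumptions made for illustration; the /ssos/redirect path and the community address come from this page.

```python
from urllib.parse import urlsplit

# Hypothetical key names for the fields described on this page.
REQUIRED = ("client_id", "client_secret", "idp_url", "authorization_url", "token_url")
URL_FIELDS = REQUIRED[2:] + ("user_profile_url", "settings_url", "logout_url")
CALLBACK_PATH = "/ssos/redirect"  # path given in step 4

SAMPLE = {  # constructed values, not a real provider
    "client_id": "abc123",
    "client_secret": "s3cr3t-constructed",
    "idp_url": "https://idp.example.com",
    "authorization_url": "https://idp.example.com/oauth2/authorize",
    "token_url": "https://idp.example.com/oauth2/token",
    "user_profile_url": "https://idp.example.com/userinfo",
}


def callback_url(community_url):
    """Return the community address with /ssos/redirect appended."""
    parts = urlsplit(community_url)
    if parts.scheme != "https" or not parts.netloc or "@" in parts.netloc:
        raise ValueError("community address must be an absolute https URL")
    return f"https://{parts.netloc.lower()}{parts.path.rstrip('/')}{CALLBACK_PATH}"


def check_config(cfg):
    """Return a list of problems found in a set of Custom SSO field values."""
    problems = [f"{key}: missing" for key in REQUIRED if not cfg.get(key)]
    secret = cfg.get("client_secret")
    for key in URL_FIELDS:
        value = cfg.get(key)
        if not value:
            continue  # optional URL left empty
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key}: not an absolute https URL")
        if parts.username or parts.password:
            problems.append(f"{key}: credentials embedded in URL")
        if secret and secret in value:
            problems.append(f"{key}: contains the client secret")
    return problems


def redirect_uri_allowed(presented, registered):
    """Provider-side check: exact match only, no prefix or wildcard matching."""
    return presented == registered
```

On the identity provider side, register the exact string returned by `callback_url` and compare incoming redirect URIs against it as `redirect_uri_allowed` does.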

Login & register with email

If a member should be directed to the SSO provider page directly when they open the community, you need to disable Login & register with email.

To disable this option, click on your profile picture on the top-right > Administration > Settings > Authentication > turn off the toggle for Login & register with email:

Once disabled, the user will not see the default option of signing up or logging in using Email and Password.
