Identity provider

Enable Single Sign-On (SSO) to allow users to log in with their corporate credentials from identity providers like Microsoft Active Directory.

Before configuring a specific identity provider, you need to set up your organization settings. This ensures that users logging in via Single Sign-On (SSO) are correctly associated with your organization.

Navigate to Settings > Security > Identity Providers.
Under Organization Settings, define your Organization Slug. This is a unique identifier for your organization used in URLs (e.g., demo).
Set the Default Role for new users who sign up through this organization (e.g., Chat user).
In the Domains section, add all the domains that should be associated with your organization for SSO discovery (e.g., example.com).
Click Save.

Part 2: Configuring an Identity Provider

Choose one of the following providers to connect.

Option A: Configure Google Login

Step I: Locate Your Redirect URI

From the Identity Provider Settings, select the Google tab.
Copy the Redirect URI provided. It will look something like this: https://account.ebbot.eu/realms/ebbot/broker/ebxn4o.../endpoint
You will need this URL during the Google Cloud Console setup process.

Step II: Access the Google Cloud Console

Go to https://console.cloud.google.com/.
Select a project or create a "NEW PROJECT".

Step III: Set up OAuth Consent Screen

In the left menu, navigate to APIs & Services > OAuth consent screen.
Choose a User Type (e.g., Internal for Google Workspace or External).
Fill in the required information, including:
- App name
- User support email
- Application home page
- Authorized domains
- Developer contact information

Step IV: Create OAuth 2.0 Credentials

Go to "Credentials" in the left menu.
Click "CREATE CREDENTIALS" and select "OAuth client ID".
For Application type, select "Web application".
Under "Authorized redirect URIs", click "ADD URI" and paste the Redirect URI you copied in Step I.
Click "Create". You will now be provided with a Client ID and a Client Secret.

Step V: Connect in the Application

Return to the Identity Provider Settings in your application.
Paste the Client ID and Client Secret into their respective fields.
(Optional) Fill in the Prompt and Hosted Domain fields if needed.
Click Connect.

Option C: Configure SAML v2.0

Step I: Locate Service Provider Details

From the Identity Provider Settings, select the SAML v2.0 tab.
You will find two important URLs:
1. Redirect URI (or Single Sign-On URL/ACS URL): https://account.ebbot.eu/realms/ebbot/broker/ebxn4q.../endpoint
2. Service Provider Entity ID (or Audience URI): https://account.ebbot.eu/realms/ebbot
You will need these URLs to configure your SAML identity provider.

Step II: Configure Your SAML Provider

Access your SAML identity provider's admin console (e.g., Okta, Auth0, ADFS).
Create a new SAML application or integration.
Configure the following settings within your provider:
- Single Sign-On URL / ACS URL: Use the Redirect URI from Step I.
- Audience URI / SP Entity ID: Use the Service Provider Entity ID from Step I.
- Name ID Format: Email Address is recommended.
- Attributes/Claims: Configure attributes to be sent, such as email and name.

Step III: Configure the Form Fields

Once the application is configured in your SAML provider, it will generate metadata. Locate the SAML Descriptor URL (also known as metadata URL) from your provider.
Return to the Identity Provider Settings in your application.
Paste your provider's Service Provider Entity ID into the corresponding field.
Paste the SAML Descriptor URL from your provider into its field.

Step IV: Save and Test

Click Connect to save the configuration.
Test the SSO login flow to ensure it works correctly.

PreviousConfigure SAML in Azure

Last updated 7 days ago

Was this helpful?