Identity provider
Enable Single Sign-On (SSO) to allow users to log in with their corporate credentials from identity providers like Microsoft Active Directory.
Before configuring a specific identity provider, you need to set up your organization settings. This ensures that users logging in via Single Sign-On (SSO) are correctly associated with your organization.
Navigate to Settings > Security > Identity Providers.
Under Organization Settings, define your Organization Slug. This is a unique identifier for your organization used in URLs (e.g., demo).
Set the Default Role for new users who sign up through this organization (e.g., Chat user).
In the Domains section, add all the domains that should be associated with your organization for SSO discovery (e.g., example.com).
Click Save.
Part 2: Configuring an Identity Provider
Choose one of the following providers to connect.
Option A: Configure Google Login
Step I: Locate Your Redirect URI
From the Identity Provider Settings, select the Google tab.
Copy the Redirect URI provided. It will look something like this:
https://account.ebbot.eu/realms/ebbot/broker/ebxn4o.../endpoint
You will need this URL during the Google Cloud Console setup process.
Step II: Access the Google Cloud Console
Select a project or create a "NEW PROJECT".
Step III: Set up OAuth Consent Screen
In the left menu, navigate to APIs & Services > OAuth consent screen.
Choose a User Type (e.g., Internal for Google Workspace or External).
Fill in the required information, including:
App name
User support email
Application home page
Authorized domains
Developer contact information
Step IV: Create OAuth 2.0 Credentials
Go to "Credentials" in the left menu.
Click "CREATE CREDENTIALS" and select "OAuth client ID".
For Application type, select "Web application".
Under "Authorized redirect URIs", click "ADD URI" and paste the Redirect URI you copied in Step I.
Click "Create". You will now be provided with a Client ID and a Client Secret.
Step V: Connect in the Application
Return to the Identity Provider Settings in your application.
Paste the Client ID and Client Secret into their respective fields.
(Optional) Fill in the Prompt and Hosted Domain fields if needed.
Click Connect.
Option B: Configure Microsoft Login
Step I: Locate Your Redirect URI
From the Identity Provider Settings, select the Microsoft tab.
Copy the Redirect URI provided. You will need this for the Microsoft Entra setup.
Step II: Access the Microsoft Entra Admin Center
Go to https://entra.microsoft.com/.
Step III: Register Your Application
Navigate to Applications > App registrations in the left menu.
Click "+ New registration".
Enter the following information:
Name: A name for your application.
Supported account types: Choose who can use this application.
Redirect URI: Select "Web" and paste the Redirect URI you copied in Step I.
Click "Register".
Step IV: Configure Authentication and Tokens
After the app is created, go to "Authentication" in the left menu.
Under "Platform configurations", verify that the Redirect URI is correct.
Under "Advanced settings":
Set "Access tokens" to Yes.
Set "ID tokens" to Yes.
Save the changes.
Step V: Generate a Client Secret
In your app registration menu, go to "Certificates & secrets".
Click "+ New client secret", give it a description, and set an expiration.
Copy the Value of the newly created secret immediately. This is your Client Secret.
Step VI: Connect in the Application
Return to the Identity Provider Settings.
Paste the Client ID (also known as Application (client) ID from the "Overview" page in Entra) and the Client Secret you just generated into the appropriate fields.
Enter your Tenant ID (found on the "Overview" page in Entra).
(Optional) Fill in the Prompt field.
Click Connect.
Option C: Configure SAML v2.0
Step I: Locate Service Provider Details
From the Identity Provider Settings, select the SAML v2.0 tab.
You will find two important URLs:
Redirect URI (or Single Sign-On URL/ACS URL):
https://account.ebbot.eu/realms/ebbot/broker/ebxn4q.../endpoint
Service Provider Entity ID (or Audience URI):
https://account.ebbot.eu/realms/ebbot
You will need these URLs to configure your SAML identity provider.
Step II: Configure Your SAML Provider
Access your SAML identity provider's admin console (e.g., Okta, Auth0, ADFS).
Create a new SAML application or integration.
Configure the following settings within your provider:
Single Sign-On URL / ACS URL: Use the Redirect URI from Step I.
Audience URI / SP Entity ID: Use the Service Provider Entity ID from Step I.
Name ID Format: Email Address is recommended.
Attributes/Claims: Configure attributes to be sent, such as email and name.
Step III: Configure the Form Fields
Once the application is configured in your SAML provider, it will generate metadata. Locate the SAML Descriptor URL (also known as metadata URL) from your provider.
Return to the Identity Provider Settings in your application.
Paste your provider's Service Provider Entity ID into the corresponding field.
Paste the SAML Descriptor URL from your provider into its field.
Step IV: Save and Test
Click Connect to save the configuration.
Test the SSO login flow to ensure it works correctly.

