Federated authentication via identity provider

help | 4 Editing General Settings | Federated authentication via identity provider

4.19 Federated authentication via identity provider

The user of a client has to authenticate himself when logging on to SwyxServer, see Authentication for clients

If your company uses Identity Provider services, you can configure federated authentication ( OAuth 2.0 and OpenID Connect) for SwyxServer and enable it for the desired users.

As of SwyxWare version 3.15 only the following identity providers are supported: Auth0 and Microsoft Azure (as a beta test).

Identity Provider	URL to the user documentation
Auth0	https://auth0.com/docs
Microsoft Azure	https://docs.microsoft.com/azure/active-directory/hybrid/whatis-fed

Requirements:

You must have an account with an identity provider that you can manage yourself.

The SwyxWare application must be configured in your identity provider account.

You need to enable the "google-oauth2" protocol in the account settings.

All SwyxWare users which should use federated authentication must be configured in the user directory at your identity provider and mapped to SwyxWare application.

The user names (UPN) at the identity provider must correspond to the email addresses of the SwyxWare users.

Configuration in the local network:

Clients must have direct access to the identity provider service.
Make sure that port 443 is open to the outside.

Configuration in Swyx Control Center:

You need to create an identity provider configuration in Swyx Control Center, see Create identity provider configuration

For all desired SwyxWare users federated authentication has to be allowed (via the option Allow federated authentication), see To edit the authentication settings for a User

Configuration in SwyxIt!

For Auth0 option must be enabled during the SwyxIt! installation Auth0 authentication option must be enabled.

Last modified date: 01/19/2024