Single Sign-On with OAuth 2.0
Estimated reading time: 5 minutes | Target users: IT Admins
OAuth 2.0 is an industry-standard authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as VCC Live. The core authorizing workflow of OAuth 2.0 is to delegate user authentication to VCC Live (the service that hosts the user account) and authorize third-party applications to access the user account.
OAuth 2.0 can be used with our Single Sign-On feature, which enables your users to log in to VCC Live without having to enter their login credentials before each login.
Note: Activating this feature requires an initial setup at both your and VCC Live’s end. For more details, please get in touch with your contact person at VCC Live.
In this lesson, you will learn:
- About the Structure of OAuth 2.0
- How to set up Single Sign-On with OAuth 2.0
1. The Structure of OAuth 2.0
OAuth operates based on four roles:
- Resource Owner
- Resource Server
- Authorization Server
The resource owner is the user, who uses OAuth to authorize VCC Live to their account. VCC Live’s access to the user’s account is limited to a predefined range – so it can be set, exactly which kind of access is granted for a certain user (eg. read or write access).
The client in this case is VCC Live, the application that wants to access the user’s account. This shall be authorized by the user, and the authorization shall be validated by the API.
The resource server hosts all of the user accounts and the authorization server identifies the users, who provide access tokens to the application. In most cases, a service’s API fulfills both the resource and authorization server roles.
2. Using Single Sign-On with OAuth 2.0
Our single sign-on authentication method uses the OAuth 2.0 open standard. In order to implement Single Sign-On for VCC Live, please follow the below steps.
- You must have an OAuth 2.0 server installed and hosted.
- Register the VCC Live application with the OAuth 2.0 system server. This will enable VCC Live to connect to an authentication system of your choice.
- You will receive access details from the authorization server, including your client identifier, client server name, access token, and more.
- Please send us the access details. Our developer will register them in theVCC Live system. Also, we are activating the single sign-on feature for you.
- Your VCC Live users will be able to login using the OAuth Login button, without having to enter their usernames and passwords. (Important: once this feature is enabled, it is not possible to use your username + password combination for logging in.) Upon opening VCC Live, a browser window will appear, where users need to enter their centralized login credentials only the first time. If you have more than one user account, you can choose which account you want to log in with.
Note: OAuth 2.0 is an open protocol, and is not developed by VCC Live.
Note: During the login process, OAuth 2.0 will return the email addresses to the VCC Live application, and the application will authenticate the users with the email address. This requires you to provide the same email address for all the users in both OAuth 2.0 and the VCC Live system.
Warning: Once this feature is enabled, you and your users will no longer be able to log in using the old method, unless you ask us to disable OAuth 2.0.
You’ve just learned how to set up and configure Single Sign-On with OAuth 2.0 for the VCC Live application.
Ready for the next lesson? You’ll learn how to restrict access to your VCC Live account or to its individual features based on IP addresses.
Start next lesson >
Can’t find what you need? Use the comment section below to connect with others, get answers from our experts, or share your ideas with us.
There are no comments yet.