# Setting up SingleSignon

Before going into the detailed configuration please make sure https/SSL is enabled.

Set the following configurations to true

- securitySslLogin
- securitySslPages

Next activate service icons on the login page

- oauthLoginDisplay

### <span class="mw-headline" id="bkmrk-google-oauth-1">Google Oauth</span>

Using an existing Google account , go to the \[[credentials section](https://console.developers.google.com/apis/credentials?project=oauth2-234210&folder&organizationId)\].

Navigate to "Credentials" in the left menu.

First setup Oauth messages in the **Oauth conscent** section

- Logo, privacy policies etc. are not required but make things look better
- Note that domain authentication is not required

Next setup setup credentials

1. Navigate back to credentials
2. Click **Create credentials**
3. Fill out the information 
    - Authorized JavaScript origins: [https://alpha.tempusserva.dk](https://alpha.tempusserva.dk/)
    - Authorized redirect URIs: [https://alpha.tempusserva.dk/TempusServa/SignInGoogle](https://alpha.tempusserva.dk/TempusServa/SignInGoogle)
4. Credentials are generated
5. Copy credentials to your Tempus Serva configuration 
    - oauthGoogleClient = \[Client ID\]
    - oauthGoogleSecret = \[Client secret\]
6. Finally 
    - oauthGoogleAllow = true

### <span class="mw-headline" id="bkmrk-linkedin-oauth-1">LinkedIn Oauth</span>

[Follow the guide](https://medium.com/@ellesmuse/how-to-get-a-linkedin-access-token-a53f9b62f0ce)

Copy credentials to

- oauthLinkedinClient
- oauthLinkedinSecret

Enable

- oauthLinkedinAllow

Callback URL

- [https://sample.tsnocode.com/app/SignInLinkedin](https://sample.tsnocode.com/app/SignInLinkedin)

### <span class="mw-headline" id="bkmrk-facebook-oauth-1">Facebook Oauth</span>

[Follow the guide](https://developers.facebook.com/docs/facebook-login/access-tokens/)

Copy credentials to

- oauthFacebookClient
- oauthFacebookSecret

Enable

- oauthFacebookAllow

Callback URL

- [https://sample.tsnocode.com/app/SignInFB](https://sample.tsnocode.com/app/SignInFB)

### <span class="mw-headline" id="bkmrk-azure-oauth-1">Azure Oauth</span>

[Follow the guide](https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-oauth2)

Copy credentials to

- oauthAzureTenant
- oauthAzureClient
- oauthAzureSecret

Enable

- oauthAzureAllow

Callback URL

- [https://sample.tsnocode.com/app/SignInAzure](https://sample.tsnocode.com/app/SignInAzure)

### <span class="mw-headline" id="bkmrk-adfs-oauth-1">ADFS Oauth</span>

[Follow the guide](https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code)

Copy credentials to

- oauthAdfsServer
- oauthAdfsClient

Enable

- oauthAdfsAllow

Callback URL

- [https://sample.tsnocode.com/app/SignInADFS](https://sample.tsnocode.com/app/SignInADFS)

### <span class="mw-headline" id="bkmrk-wordpress-1">WordPress</span>

1. Install and activate the [plugin](https://wordpress.org/plugins/oauth2-provider)
2. Enable the Oauth-server (Oath Server -&gt; Settings -&gt; Enable Oauth Server)
3. Create a new client (Oauth Server -&gt; Clients -&gt; Add New Client) 
    1. Give it a descriptive name
    2. Add the Redirect URI (Should be something like: `https://[ts-hostname]/[ts-instance]/SignInWP`)
    3. Assign it admin rights
    4. Save it
4. Copy credentials to Configurations 
    - oauthWPClient
    - oauthWPSecret
5. Input wordpress domain/link to Configuration (no trailing /) 
    - oauthWPHost
6. Enable Configuration 
    - oauthWPAllow