1. Go to SSO Applications

2. Create a new SSO application

3. Go to Okta applications and create new SAML Service Provider

4. Specify Attributes Statements

5. Scroll down and open View Setup Instructions to copy Identity Provider Issuer and enter it below

6. Download Identity Provider metadata

7. Edit metadata and add entityID attribute (Identity Provider Issuer)

8. Add User assignments

9. Upload metadata and set ACS url in Okta

10. You are all set

SSO button should appear automatically on the login and register pages when visiting Jet Admin from your custom domain.

You don't need to build the Sign-in/Sign-up page in the UI, as Jet already has a separate Sign-in/Sign-up page builder.

To access it,

1. Click on the Sign-in & Sign-up icon inside the builder

Sign-in/Sign-up page

Sign-in/Sign-up page has three major sections:

• (1) Menu - configure the appearance, sign-in, and sign-up separately

• (2) The preview - check in real-time changes taking effect

• (3) Setting - this is where the configuring happens

Learn how to set up a custom domain in the following article:

Appearance

The appearance tab allows you to:

• (1) Switch between the layouts

• (2) Set the background picture

• (3) Set the color theme

Sign-in & Sign-up

The sign-in and sign-up tabs allow you to configure the settings, specific to the sign-in and sign-up, such as Terms of service URL, titles, and customer sign-up flow for the Portal.

1. Go to SSO Applications

2. Create a new SSO application

Authorizing API calls to your backend with SSO token

When user is logged in with SSO it is possible to use SSO access token in HTTP queries (Rest API or GraphQL). Such requests are going through api.jetadmin.io endpoint or self-hosted Jet Bridge (when set up as ).

You can insert any SSO tokens in HTTP/GraphQL queries using SSO credentials section.

1. Go to SSO Applications

2. Create a new SSO application

3. Go to Auth0 applications and create new Application

4. Activate SAML2 Web App

5. Specify mappings in Settings

6. Download metadata

7. Upload metadata and set ACS url in Auth0

8. You are all set

SSO button should appear automatically on the login and register pages when visiting Jet Admin from your custom domain.

If you want to use Google services such as Google Sheets, Google Drive, Google Cloud and many others, this step-by-step guide can help you with Google OAuth 2.0 authentication.

Once you have created the project and selected the Rest API resource, you also selected the OAuth 2.0 authentication method - you need to select a provider.

Google Developers Console

1. Google API Console

Visit the to obtain OAuth 2.0 credentials such as a Client ID and Client secret that are known to both Google and Jet Admin.

2. Create a new project

3. Specify new project details

Specify Project name and Location then click the Create button.

4. Enable APIs and Services

In the control panel, enable the API and Services you plan to use.

The API library looks like this. You can choose any service you are plan to use, but we will go through the Google Sheet API.

Once you have selected the API and services, click the Enable button.

5. Create Credentials

To use this API, you need credentials. Go to the credentials menu to get started.

Сonfigure the OAuth consent screen:

Choose how you want to configure and register your app, including your target users. You can only associate one app with your project. Then click Create.

Specify the application name, scroll down the page, and click Save.

Go to the credentials menu and click Create credentials. Then select OAuth Client ID.

Then you need to select the application type. In the drop-down list, select Web application. Specify name, you also can add OAuth Redirect URL, then click Create. https://api-dev.jetadmin.io/api/create_oauth_token_complete/

Congratulations, your client ID and client secret created.

5. Adding resource

To complete the process of adding a resource, we need to fill in the scopes field.

You can find the necessary information . For our case, the scopes look like this.

Conclusion

Congratulations! Now you are ready to authenticate with Google OAuth 2.0. If you still have any questions, please contact us for help.

Setting up SSO for your Jet Admin project requires your to set up Custom Domain for your project first.

1. Go to SSO Applications

2. Create a new SSO application

3. Open your G Suite SAML Apps and create a new one

G Suite Apps page is located at

4. Select SETUP MY OWN CUSTOM APP

5. Download IDP metadata .xml file

6. Specify application basic information

7. Set up Jet Admin SSO application and copy ACS URL

Specify Entity ID and upload saved Metadata (.xml) file from the previous step. Entity ID should be unique text identifier of your application

ACS URL displayed at the bottom of page will be needed on the next step.

8. Set up G Suite SAML App

Specify ACS URL and Entity ID entered on the previous step

9. Set attributes mapping

You should specify 3 attributes to map on Jet Admin user account:

• Email should map to Basic Information - Primary Email

• FirstName should map to Basic Information - First Name

• LastName should map to Basic Information - Last Name

10. You are all set

SSO button should appear automatically on the login and register pages when visiting Jet Admin from your custom domain.

Apart from a number of pre-built SSO providers we support integrating with fully Custom OAuth 2.0 compatible providers.

The process is not automatic:

• First you need to implement OAuth2 flow on your side and make sure it works. You should implement three types of requests for it listed below.

• Any SSO integrations require you to connect your custom domain.

• Contact our tech engineers to test and finish integration on our side. OAuth implementation can vary from provider to provider so we implemented ability to customize OAuth requests used in integration (HTTP method, JSON/Form data, Scope separator, etc.). Our engineers will adapt to your implementation during integration process, but we recommend to stick to the most popular industry implementations (preferable to use open source implementations for your tech stack).

These are global parameters generated on your side

• CLIENT_ID - You apps client id used to identify Jet Admin requests (passed public)

• CLIENT_SECRET - You apps client secret used by Jet Admin to perform requests (stored internally)

• SCOPE - (optional) If your backend requires access_token to have list of scopes to make queries this parameter will be used to obtain access_token

1. Authorization URL

Initial page which user is redirected to on Sign In page

GET https://YOUR_SSO_DOMAIN/authorize

Query Parameters

After Sign In process user will be redirected back to Jet Admin side.

Page that processes received "code" and performs step 2.

GET https://api.jetadmin.io/complete/custom_oauth_2/

Query Parameters

2. Access token URL

The method is called by Jet Admin backend to get "access" and "refresh" tokens

POST https://YOUR_SSO_DOMAIN/token

Request Body

access_token JWT payload should have fields:

• first_name

• last_name (optional)

• username (can be equal to email)

• email

access token and refresh token obtained on this step are saved on api.jetadmin.io side.

3. Refresh token URL

Can be the same as Access token URL, but with different data

The method is called by Jet Admin backend to refresh expired "access token"

POST https://YOUR_SSO_DOMAIN/token

Request Body

Authorizing API calls to your backend with SSO token

1. Go to Sign In & Sign Up -> Authentication

2. Create a new External SSO

Specify Name and New members team for newly created External SSO

3. Go to Azure Active Directory -> App registrations and create new new Application

In Redirect URI (optional) section fill the following fields

• Platform: Web

• URL: copy REDIRECT URL from Jet Admin -> External SSO -> Application parameters section.

4. Copy credentials to Jet Admin

• Copy Application (client) ID and Directory (tenant) ID from App Registration page in Azure portal to Jet Admin External SSO

• Then open Certificates & secrets page, create new Client secret and copy it's Value to Jet Admin Client Secret

• You should also set Scope to openid,profile,email,offline_access

5. You are all set

SSO button should appear automatically on the login and register pages when visiting Jet Admin from your custom domain.