getOperate supports Single Sign-On for Microsoft, Google, GitHub, GitLab, Okta, and domain restriction.
https://<YOUR_INSTANCE>/user/login_callback/google
https://<YOUR_INSTANCE>/user/login_callback/microsoft
Login: https://<YOUR_INSTANCE>/user/login
Create a new OAuth 2.0 Client in Microsoft portal.
In the “Authentication” tab, set the redirect URI to BASE_URL/user/login_callback/microsoft
, the logout channel to BASE_URL/auth/logout
where BASE_URL is what you configured as core BASE_URL. Also set “Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)”, you can restrict the emails directly in getOperate using the “allowed_domains” setting.
Superadmin Settings -> Instance Settings -> SSO -> Toggle “microsoft” -> set client id, org and client secret.
Create a new app integration
:https://<your getOperate's public hostname as configured in values.yaml>/user/login_callback/okta/
https://<your getOperate's public hostname as configured in values.yaml>
App Only
https://<your getOperate's public hostname as configured in values.yaml>/user/login
https://<YOUR_INSTANCE>/user/login_callback/github
Login: https://<YOUR_INSTANCE>/user/login
Superadmin Settings -> Instance Settings -> SSO -> Toggle “github” -> set client id, org and client secret.
https://<YOUR_INSTANCE>/user/login_callback/gitlab
Login: https://<YOUR_INSTANCE>/user/login
GitLab’s Single Sign-On integration is supported by getOperate. Detailed steps for setting up GitLab as an OAuth SSO provider will be provided in the upcoming documentation but the entry for the oauth.json is as following:
Superadmin Settings -> Instance Settings -> SSO -> Toggle “gitlab” -> set client id, org and client secret.
https://api.slack.com/apps?new_app=1
Pick “From an app manifest”, then YAML.
Your app manifest should look like this, replacing <YOUR INSTANCE URL>
in 2 places:
https://<YOUR_INSTANCE>/oauth/callback/gsheets
connect_config
or login_config
of type OAuthConfig:
connect_config
is used for resources, and login_config
for SSO.
extra_params
is an escape hatch to deal with OAuth provider that need some extra fields to be passed along to the authorization URL.
You can iterate without requiring a dev setup. The item accepts an extra optional field: connect_config
or login_config
for SSO.
connect_config
is used for resources, and login_config
for SSO.