This document provides step-by-step instructions for configuring Login Providers in PBMS to enable end-users to log in to the Beneficiary Portal.
- A client must be successfully created on the respective login provider you want to configure.
- Install the G2P Portal Auth module.
- Enable Debug Mode. (Settings --> General Settings --> Developer Tools --> Activate the developer mode).
- Go to the OAuth Providers section. (Settings --> Users & companies --> OAuth Providers)
- Create a new Login Provider and enter the required values in the respective fields.
For example, the fields, their descriptions, and sample values are given below.
Feature | Description | Value |
---|---|---|
Provider name | Enter the provider name. | For example: Keycloak for Beneficiary Portal Login |
Auth Flow | Select the option OpenID Connect Authorization Code Flow from the drop-down. | |
Client ID | The ID of the client. | |
Client Authentication Method | Select the Client Authentication method. | |
Allowed | Check the box. | |
Allowed in Self Service Portal | Check the box to enable the option Allowed. | |
Allowed in Service Provider Portal | Uncheck the box. | |
G2P Portal Oauth Callback Url | Configure the beneficiary portal callback URL. | For example: `<beneficiary-portal-url>/v1/selfservice/oauth2/callback` |
Login button label | Enter the label name for the Login button. | For example: Note: This text with the button name will appear on the login page. |
Image Icon URL | Enter the URL of an image for the Login button. | |
Authorization URL, Userinfo URL, Token Endpoint, JWKS URL | These are to be configured as available in the well-known config of the Login Provider. | |
Extra Authorize Params | Depending upon the Provider, configure the extra parameters if needed. | |
Enable Pkce? | Check the box. | |
Verify Access Token Hash | Check the box to enable the option Verify Access Token. | |
Allow Signup | Select the option Denies user signup (invitation only) from the drop-down. | |
Sync User Groups | Select the option Never from the drop-down. | |
G2P Registrant ID Type | Configure the ID Type where the user token will be stored. | |
The rest of the fields have the default values.
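
The following is an added example, not PBMS or OpenG2P code: a pre-flight check that reads a provider's well-known OpenID configuration, produces the four URL values for the form, and flags a provider that does not advertise the authorization code response type or S256 PKCE. The discovery document, its host, and the function name are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a provider's well-known OpenID configuration (placeholder host).
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.org/realms/demo",
  "authorization_endpoint": "https://idp.example.org/realms/demo/protocol/openid-connect/auth",
  "token_endpoint": "https://idp.example.org/realms/demo/protocol/openid-connect/token",
  "userinfo_endpoint": "https://idp.example.org/realms/demo/protocol/openid-connect/userinfo",
  "jwks_uri": "https://idp.example.org/realms/demo/protocol/openid-connect/certs",
  "response_types_supported": ["code", "id_token"],
  "code_challenge_methods_supported": ["plain", "S256"]
}""")

# Form field label (from the table above) -> OIDC discovery metadata key.
FIELD_TO_KEY = {
    "Authorization URL": "authorization_endpoint",
    "Userinfo URL": "userinfo_endpoint",
    "Token Endpoint": "token_endpoint",
    "JWKS URL": "jwks_uri",
}

def provider_form_values(discovery):
    """Return (values to enter in the form, findings to review before saving)."""
    values, problems = {}, []
    issuer_host = urlsplit(discovery.get("issuer", "")).hostname
    for field, key in FIELD_TO_KEY.items():
        url = discovery.get(key)
        if not url:
            problems.append(f"{field}: '{key}' missing from discovery document")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{field}: {url} is not HTTPS")
        if parts.hostname != issuer_host:
            problems.append(f"{field}: host differs from issuer ({issuer_host})")
        values[field] = url
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("Auth Flow: provider does not advertise response type 'code'")
    if "S256" not in discovery.get("code_challenge_methods_supported", []):
        problems.append("Enable Pkce?: provider does not advertise S256 code challenges")
    return values, problems

if __name__ == "__main__":
    values, problems = provider_form_values(SAMPLE_DISCOVERY)
    for field, url in values.items():
        print(f"{field}: {url}")
    for finding in problems:
        print("REVIEW:", finding)
```

A host that differs from the issuer is reported for review rather than treated as an error, since some providers serve endpoints from more than one host.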