It is possible to integrate Motimate with identity providers that use the OAuth 2.0 protocol. This makes it easier for users to sign in to Motimate using the same credentials they use in other company systems. Motimate supports two 3rd-party services for SSO.

Office 365 uses Azure Active Directory (Azure AD), a cloud-based user identity and authentication service that is included with your Office 365 subscription, to manage identities and authentication for Office 365. Azure AD may also be configured as a standalone service.

To register a Motimate application in Azure AD, go to the Microsoft docs and use these parameters (replace orgunit):

Application Login URI:

https://{{orgunit}}.web.motimateapp.com/

Allowed Callback URLs:

https://{{orgunit}}.web.motimateapp.com/external-auth-completed

https://{{orgunit}}.motimateapp.com/admin/external-auth-completed

motimate-training://external-auth-completed

Allowed Logout URLs:

https://{{orgunit}}.motimateapp.com/admin/external-logout-completed

Tutorial for setting up SSO in Azure AD

Motimate supports single sign-on (SSO) with Azure using OAuth. You can check out these and these official Microsoft docs for more information. To enable SSO, you need to perform the following steps:

1. Register SSO application

Start by adding a new app registration:

Give your new application some meaningful name, e.g. Motimate SSO:

You don’t need to provide Redirect URI at this point.

Now you need to grant admin consent for the application.

Applications (for example, Motimate Provisioning app in your AD) can be granted permissions to your directory by an admin consenting to the application for all users (Admin consent). As an administrator you can grant consent on behalf of all users in this directory, ensuring that end users will not be required to consent when using the application. Without an admin consent workflow, a user in a tenant where user consent is disabled will be blocked when they try to access any app that requires permissions to access organizational data.

Next, you need to add a Web platform:

Now configure the first custom redirect URIs:

  1. https://{{orgunit}}.web.motimateapp.com/external-auth-completed
  2. https://{{orgunit}}.motimateapp.com/admin/external-auth-completed

Make sure to replace the {{orgunit}} subdomain with the subdomain of your Motimate account. You’ll receive it from Motimate support. In the picture below we have replaced {{orgunit}} with example.

Next, you need to add a Mobile and desktop applications platform:

Now add the custom redirect URI:

– motimate-training://external-auth-completed

Do not activate implicit grant. The Access token and ID token checkboxes must be left blank.

After saving the changes, you should go to the Overview tab and send Motimate support the values of Application (client) ID and Directory (tenant) ID.

You will also need to create a client secret key and send it to Motimate support.

This is how to create a new key:

After receiving confirmation that the setup was complete in the Motimate system, you may go to your Motimate account and verify that it’s working. Make sure also to check logging in on both iOS and Android apps.
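A check you can run on the finished Azure app registration, as an added example (not Motimate's or Microsoft's own code): it compares an exported registration against the redirect URIs listed above and confirms implicit grant is off. It assumes the export is the Microsoft Graph application object as JSON (for instance from az ad app show); the function names and the sample data are constructed for illustration.

```python
import json

def expected_uris(orgunit):
    """Redirect URIs this page lists for one Motimate orgunit."""
    web = {
        f"https://{orgunit}.web.motimateapp.com/external-auth-completed",
        f"https://{orgunit}.motimateapp.com/admin/external-auth-completed",
    }
    mobile = {"motimate-training://external-auth-completed"}
    return web, mobile

def audit_registration(app, orgunit):
    """Return sorted findings; an empty list means the registration matches."""
    web_expected, mobile_expected = expected_uris(orgunit)
    web = app.get("web") or {}
    public = app.get("publicClient") or {}
    checks = (
        ("web", set(web.get("redirectUris") or []), web_expected),
        ("mobile", set(public.get("redirectUris") or []), mobile_expected),
    )
    findings = []
    # Exact set comparison: wildcards, http:// variants and leftover test
    # URIs all surface as "unexpected" entries.
    for label, actual, expected in checks:
        findings += [f"{label}: missing {u}" for u in expected - actual]
        findings += [f"{label}: unexpected {u}" for u in actual - expected]
    # The page requires implicit grant off: both token checkboxes blank.
    implicit = web.get("implicitGrantSettings") or {}
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if implicit.get(flag):
            findings.append(f"implicit grant: {flag} is enabled")
    return sorted(findings)

# Constructed sample export (not a real tenant) with two mistakes: an http://
# admin callback and ID token issuance switched on.
SAMPLE = json.loads("""{
  "web": {
    "redirectUris": [
      "https://example.web.motimateapp.com/external-auth-completed",
      "http://example.motimateapp.com/admin/external-auth-completed"],
    "implicitGrantSettings": {"enableAccessTokenIssuance": false,
                              "enableIdTokenIssuance": true}},
  "publicClient": {
    "redirectUris": ["motimate-training://external-auth-completed"]}
}""")

if __name__ == "__main__":
    print("\n".join(audit_registration(SAMPLE, "example")))
```

An empty result means the registration carries exactly the three redirect URIs from this page and issues no tokens through implicit grant.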

To use GSuite as an identity provider with Motimate, go to Google Developer Console and follow the steps below.

  1. Go to OAuth consent screen.
  2. Choose Internal and click CREATE.

You’ll be redirected to the Edit app registration form. Fill this form and click SAVE AND CONTINUE.

You’ll be redirected to the Edit app registration / Scopes form. Just click SAVE AND CONTINUE.

Now…

  1. Go to Credentials.
  2. Click CREATE CREDENTIALS.
  3. Choose OAuth client ID.

Set Application type to Web application.

  1. Set Name to whatever you want (e.g. Motimate Web).
  2. Add following Authorised redirect URIs:
    1. https://{your-organization-identifier}.web.motimateapp.com/external-auth-completed
    2. https://{your-organization-identifier}.motimateapp.com/admin/external-auth-completed
  3. Click SAVE.

Now…

  1. Click CREATE CREDENTIALS (again).
  2. Choose OAuth client ID.
  3. Set Application type to iOS. This app will handle both iOS and Android.
  4. Set Name to whatever you want (e.g. Motimate Mobile).
  5. Set Bundle ID to com.motimate.Motimate.Training.
  6. Set App Store ID to id1195922910.

Now your Credentials dashboard should look like this:

The Motimate team will need the following data from you:

  1. Web application Client ID and Client secret.
  2. iOS application Client ID.

You can download these data using the down arrow icons on the right side:

Auth0 provides authentication and authorization as a service. It has gained its popularity due to its massive support for social login providers, easy software development kits (SDKs), simple interfaces and security features.

Other 3rd-party services that support OAuth 2.0 and OpenID without PKCE may be supported, but require testing before they are supported.

To register a Motimate application in Auth0, go to the Auth0 docs and use these parameters (replace orgunit):

Application Login URI:
https://{{orgunit}}.web.motimateapp.com/

Allowed Callback URLs:
https://{{orgunit}}.web.motimateapp.com/external-auth-completed

https://{{orgunit}}.motimateapp.com/admin/external-auth-completed

motimate-training://external-auth-completed

Allowed Logout URLs:
https://{{orgunit}}.motimateapp.com/admin/external-logout-completed

Multiple organization units and SSO

Motimate supports many SSO setups on our platform. Every organization unit can be configured with an SSO provider. Organizations with the standard setup may have the same SSO provider as other organizations, and there can only be one provider per organization. Customers with a single SSO provider across many organizations will have automatic login between them. This is due to how SSO works: Motimate sends users to the customer's SSO provider on login. Many of these providers do not require a login every time a user is prompted with the login screen. Login sessions can be configured to remember logins for a period of time, or the user's device may have certificates for automatic login.