help • 4 Editing General Settings • Federated authentication via identity provider
4.20 Federated authentication via identity provider
The user of a client has to authenticate himself when logging on to SwyxServer, see 9.2 Authentication for clients
If your company uses Identity Provider services, you can configure federated authentication (OAuth 2.0 and OpenID Connect) for SwyxServer and enable it for the desired users.
* 
Only the following identity providers are supported: Auth0 and Microsoft Entra ID.
 
Identity Provider
URL to the user documentation
Auth0
Microsoft Entra ID
Requirements:
*You must have an account with an identity provider that you can manage yourself.
*The SwyxWare application must be configured in your identity provider account, see Set up federated authentication with Entra ID
*You must activate the "google-oauth2" protocol in the account settings (only for Auth0).
*All SwyxWare users which should use federated authentication must be configured in the user directory at your identity provider and mapped to SwyxWare application.
*The user names (UPN) at the identity provider must correspond to the email addresses of the SwyxWare users.
Configuration in the local network:
* 
Clients must have direct access to the identity provider service.
Make sure that port 443 is open to the outside.
 
Configuration in Swyx Control Center:
*You need to create an identity provider configuration in Swyx Control Center, see 4.20.2 Create identity provider configuration
*For all desired SwyxWare users federated authentication has to be allowed (via the option Allow federated authentication), see To edit the authentication settings for a User
Configuration in SwyxIt! Classic
*The Auth0 authentication option must be activated for the SwyxIt! Classic installation.