Federated authentication via identity provider

help • 4 Editing General Settings • Federated authentication via identity provider

4.20 Federated authentication via identity provider

The user of a client has to authenticate himself when logging on to SwyxServer, see 9.2 Authentication for clients

If your company uses Identity Provider services, you can configure federated authentication (OAuth 2.0 and OpenID Connect) for SwyxServer and enable it for the desired users.

Only the following identity providers are supported: Auth0 and Microsoft Entra ID.

Identity Provider	URL to the user documentation
Auth0	auth0.com/docs
Microsoft Entra ID	learn.microsoft.com/en/entra/identity/hybrid/connect/whatis-fed

Requirements:

You must have an account with an identity provider that you can manage yourself.

The SwyxWare application must be configured in your identity provider account, see Set up federated authentication with Entra ID

You must activate the "google-oauth2" protocol in the account settings (only for Auth0).

All SwyxWare users which should use federated authentication must be configured in the user directory at your identity provider and mapped to SwyxWare application.

The user names (UPN) at the identity provider must correspond to the email addresses of the SwyxWare users.

Configuration in the local network:

Clients must have direct access to the identity provider service.
Make sure that port 443 is open to the outside.

Configuration in Swyx Control Center:

You need to create an identity provider configuration in Swyx Control Center, see 4.20.2 Create identity provider configuration

For all desired SwyxWare users federated authentication has to be allowed (via the option Allow federated authentication), see To edit the authentication settings for a User

Configuration in SwyxIt! Classic

The Auth0 authentication option must be activated for the SwyxIt! Classic installation.