# Configure Login Providers for Beneficiary Portal ## Description This document provides step-by-step instructions for configuring **Login Providers** in **PBMS** to enable end-users to log in to the **Beneficiary Portal**. ## Prerequisites 1. A client must be successfully created on the respective login provider you want to configure. 2. Install the **G2P Portal Auth** module. ## Steps 1. Enable **Debug Mode.** (Settings --> General Settings --> Developer Tools --> Activate the developer mode).
2. Go to the **OAuth Providers** section. (Settings --> Users & companies --> OAuth Providers)
3. Create a new **Login Provider** and enter the required values in the respective fields.
For example, the fields, their descriptions, and sample values are given below.
FeatureDescriptionValue
Provider nameEnter the provider name.For example: Keycloak for Beneficiary Portal Login
Auth FlowSelect the option OpenID Connect Authorization Code Flow from the drop-down.
Client IDThe ID of the client.
Client Authentication MethodSelect the Client Authentication method.
Allowedcheck the box.
Allowed in Self Service PortalCheck the box to enable the option Allowed.
Allowed in Service Provider PortalUncheck the box.
G2P Portal Oauth Callback UrlConfigure the beneficiary portal callback URL.For example: <beneficiary-portal-url>/v1/selfservice/oauth2/callback
Login button labelEnter the label name for the Login button.

For example: Login with National ID.

Note: This text with the button name will appear on login page.

Image Icon URLEnter the URL of an image for the Login button.
Authorization URL, Userinfo URL, Token Endpoint, JWKS URLThese are to be configured as available in the well-known config of Login Provider.
Extra Authorize ParamsDepending upon the Provider, configure the extra parameters if needed.
Enable Pkce?Check the box.
Verify Access Token HashCheck the box to enable the option Verify Access Token.
Allow SignupSelect the option Denies user signup (invitation only) from the drop-down.
Sync User GroupsSelect the option Never from the drop-down.
G2P Registrant ID TypeConfigure the ID Type where the user token will be stored.
The rest of the fields have the default values. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.openg2p.org/products/pbms/previous-generation/functionality/self-service-portal/user-guides/map-self-service-portal-form.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.