📔Configure Login Providers for Beneficiary Portal

Description

This document provides step-by-step instructions for configuring Login Providers in PBMS to enable end-users to log in to the Beneficiary Portal.

Prerequisites

  1. A client must be successfully created on the respective login provider you want to configure.

  2. Install the G2P Portal Auth module.

Steps

  1. Enable Debug Mode (Settings --> General Settings --> Developer Tools --> Activate the developer mode).

  2. Go to the OAuth Providers section (Settings --> Users & companies --> OAuth Providers).

  3. Create a new Login Provider and enter the required values in the respective fields.

The fields, their descriptions, and sample values are given below.

Feature
Description
Value

Provider name

Enter the provider name.

For example: Keycloak for Beneficiary Portal Login

Auth Flow

Select the option OpenID Connect Authorization Code Flow from the drop-down.

Client ID

The ID of the client.

Client Authentication Method

Select the Client Authentication method.

Allowed

Check the box.

Allowed in Self Service Portal

Check the box to enable the option Allowed.

Allowed in Service Provider Portal

Uncheck the box.

G2P Portal Oauth Callback Url

Configure the beneficiary portal callback URL.

For example: <beneficiary-portal-url>/v1/selfservice/oauth2/callback

Login button label

Enter the label name for the Login button.

For example: Login with National ID.

Note: This text appears as the button name on the login page.

Image Icon URL

Enter the URL of an image for the Login button.

Authorization URL, Userinfo URL, Token Endpoint, JWKS URL

Configure these with the values published in the login provider's well-known configuration.

Extra Authorize Params

Depending on the provider, configure extra parameters if needed.

Enable Pkce?

Check the box.

Verify Access Token Hash

Check the box to enable the option Verify Access Token.

Allow Signup

Select the option Denies user signup (invitation only) from the drop-down.

Sync User Groups

Select the option Never from the drop-down.

G2P Registrant ID Type

Configure the ID Type where the user token will be stored.

The rest of the fields keep their default values.
