OAuth 2.0

Integrating your Web Server with an OAuth 2.0 provider such as Microsoft, Google, Auth0, or Okta enables secure single sign-on (SSO) for your users. This setup allows users to authenticate using their existing company credentials rather than managing additional passwords within SEI.

To configure OAuth 2.0 authentication, you must register SEI as an application with your provider and enter the necessary connection parameters in the SEI Authentication settings. Each application and Add-in may require a specific redirect URL.

Common providers:

Registration steps

  1. Log in to your OAuth provider’s admin portal.
  2. Register a new application or client (follow the provider's documentation for this process).
  3. Enter the necessary Redirect URLs (provided in SEI’s Authentication screen) for both the Web Server and the Excel Add-in, if applicable.
  4. Collect the required parameters (see Required parameters).
  5. Log in to SEI.
  6. In the navigation panel, select the gear icon to open Administration.
  7. Select Security, then Authentication.
  8. Create a new OAuth 2.0 provider entry using these values.

For a full step-by-step example, see OAuth 2.0 Configuration Example.

Note: SEI and Excel Add-in each have specific Redirect URLs. Register both URLs as authorized redirect URIs with your provider so that users can sign in to both components.

Required parameters

| Parameter | Description |
| --- | --- |
| Client ID | Identifies SEI as a registered application to the OAuth provider and builds login URLs. |
| Client Secret | Secures client authentication between your Web Server and the OAuth provider. |
| Authorization Endpoint | Directs users to the provider’s login, allowing consent and returning an authorization code to the server. |
| Token Endpoint | Issues an access token to SEI in exchange for a valid authorization code. |
| User Info Endpoint | Supplies user profile data that can be mapped to SEI user accounts after successful login. |
| Scopes | Defines and limits what user account information SEI can access; scopes prompt user consent. |
| Discovery Endpoint | (Optional) Provides metadata for the OAuth provider and facilitates automated configuration. |
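
A pre-flight check for the values in the table above, given as an added example (it is not SEI's or any provider's code). It assumes the provider's Discovery Endpoint returns JSON with the OpenID Connect Discovery field names; the sample metadata, the `idp.example.com` host and both function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed provider metadata using OpenID Connect Discovery field names.
# idp.example.com is a placeholder, not a real provider.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "http://idp.example.com/oauth2/userinfo",  # deliberately wrong
    "scopes_supported": ["openid", "profile", "email"],
})

# Metadata key -> parameter name used in the table on this page.
FIELD_MAP = {
    "authorization_endpoint": "Authorization Endpoint",
    "token_endpoint": "Token Endpoint",
    "userinfo_endpoint": "User Info Endpoint",
}


def extract_parameters(metadata_json, requested_scopes):
    """Return (params, problems): endpoint values to enter, and what to fix first."""
    meta = json.loads(metadata_json)
    params, problems = {}, []
    for key, label in FIELD_MAP.items():
        url = meta.get(key)
        if not url:
            problems.append(f"{label}: missing from metadata")
            continue
        if urlsplit(url).scheme != "https":
            problems.append(f"{label}: not HTTPS")
        params[label] = url
    supported = meta.get("scopes_supported")
    if supported is not None:
        for scope in requested_scopes:
            if scope not in supported:
                problems.append(f"Scopes: '{scope}' not advertised by provider")
    params["Scopes"] = list(requested_scopes)
    return params, problems


def unregistered_redirects(shown_in_sei, registered_with_provider):
    """Redirect URLs that lack an exact, character-for-character match at the provider."""
    return [u for u in shown_in_sei if u not in set(registered_with_provider)]


if __name__ == "__main__":
    print(extract_parameters(SAMPLE_METADATA, ["openid", "email", "groups"]))
```

Pass `unregistered_redirects` the Web Server and Excel Add-in URLs copied from SEI's Authentication screen and the list registered at the provider; a trailing slash or case difference is enough for a URL to be reported.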