Authentication

A typical smart desktop contains many different apps from various vendors. Many of these vendors require authentication. But authenticating each app separately is annoying to the user. To solve this problem, single sign-on (SSO) authentication allows the user to sign in once, and from then on all the apps authenticate through SSO.

Note: For the SSO authentication to work with Finsemble, you must already have an OAuth provider.

To configure OAuth2 settings for your smart desktop, you must first create an app on the authentication provider. Each provider is a little different, but in general you need to specify some settings and then create or register a new app. Follow the instructions for your specific provider.

Finsemble provides built-in support for SSO authentication to Google and Salesforce. You can also configure it to connect to other OAuth2-capable authentication providers, such as Keycloak. Here's a list of popular OAuth providers. Finsemble can connect to them, but we don't recommend one over another.

To configure authentication on the smart desktop:

  1. Pick the provider from the dropdown to configure it.
  2. When setting up an OAuth2 app, your authentication provider will require the Redirect URL supplied by Finsemble. Copy the redirect URL from the Finsemble Redirect URL field into the OAuth2 app configuration for your service provider.
  3. Your authentication provider will generate a unique Client ID. Copy this ID from the OAuth2 service provider into the Finsemble Client ID field.
  4. When you're done, save the authentication configuration by clicking the Test and save button.

Under the Advanced portion of the screen you have a few more options to configure if you want. You can control the access that your app can have to a protected resource such as a username or picture. If your app needs this access, specify the Scope parameter. By default, we specify it as openid, but it is a best practice to use the most restrictive scope possible. If you don't need to use this parameter, leave it blank.

Another option is to specify whether to use the Require nonce parameter. When you set this parameter to true, Finsemble generates a random string that allows the OAuth server to verify that the app has never made a request to the OAuth server before. This way, the server can detect replay attacks. Not all providers support the nonce parameter, so verify that yours does before you set it.
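The nonce behavior described above, shown as an added example (this is not Finsemble's own code). The endpoint, client ID, redirect URL, the `response_type=code` flow, and the `buildAuthRequest` and `NonceRegistry` names are assumptions made for illustration; the registry is a simplified model of the server-side replay check.

```javascript
// Added example: all URLs, IDs and helper names are constructed placeholders.
const nodeCrypto = require('node:crypto');

// Client side: build an authorization request that carries a fresh random nonce.
function buildAuthRequest({ authEndpoint, clientId, redirectUri, scope }) {
  const nonce = nodeCrypto.randomBytes(16).toString('base64url'); // 128 random bits
  const url = new URL(authEndpoint);
  url.searchParams.set('response_type', 'code'); // assumed flow
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  if (scope) url.searchParams.set('scope', scope); // omitted when left blank
  url.searchParams.set('nonce', nonce);
  return { url: url.toString(), nonce };
}

// Server side (simplified): remember each nonce until it expires, refuse repeats.
class NonceRegistry {
  constructor(ttlMs = 5 * 60 * 1000) {
    this.ttlMs = ttlMs;
    this.seen = new Map(); // nonce -> expiry time in ms
  }

  accept(nonce, now = Date.now()) {
    // Drop expired entries so the registry does not grow without bound.
    for (const [n, exp] of this.seen) if (exp <= now) this.seen.delete(n);
    if (typeof nonce !== 'string' || nonce.length < 16) return false; // missing or weak
    if (this.seen.has(nonce)) return false; // already used: treat as a replay
    this.seen.set(nonce, now + this.ttlMs);
    return true;
  }
}

// Constructed walk-through: the first request is accepted, a resent copy is not.
function demo() {
  const req = buildAuthRequest({
    authEndpoint: 'https://idp.example/authorize',
    clientId: 'demo-client-id',
    redirectUri: 'https://desktop.example/callback',
    scope: 'openid',
  });
  const registry = new NonceRegistry();
  const sent = new URL(req.url).searchParams.get('nonce');
  return { first: registry.accept(sent, 0), replayed: registry.accept(sent, 1000) };
}
```

The registry's lifetime has to be at least as long as the period in which a captured request could still be resent; once an entry expires, the same nonce would be accepted again.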

Note: Finsemble doesn't support Proof Key for Code Exchange (PKCE).

See also

Google - Setting up OAuth 2.0

Salesforce - Set Up Authorization with OAuth 2.0

Enable OAuth Settings for API Integration

Ways to use scope

Introduction to Smart Desktop Designer

Build your smart desktop with me

Manage apps

Theme

Toolbar

Preloads

Finish