Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
User authentication

ON THIS PAGE

Table of Contents
minLevel1
maxLevel7

What it’s about

Single sign-on (SSO) is an access management function that enables users to log in with a single set of identity credentials to multiple accounts, software, systems, and resources.

XCALLY gives its users the possibility to access XCALLY using Google credentials (gmail and password).
For agents, SSO feature is available only for WebRTC Agents (and not for Phonebar Agents)

Image Added

How to set up

XCALLY Configuration

Please check in the General Settings the Single Sign-On property has been turned on:

  • From General Setting Menu, access the SSO section

  • Enable Google SSO

Image Added
  • In order to

use
  • make the Google SSO work,

the
  • XCALLY users

must have the proper Google account set as "email" in the Motion Staff section.Image Removed
  • (agents, users, admin) must login to Google with the same GMAIL configured in the XCALLY Staff Settings.

Image Added

If they are already logged into the Chrome browser, they need just to click on 

Image Removed

Otherwise, Google will ask them the account credentials

Image Removed

  • Please check in the General Settings the Single Sign-On property has been turned on! inserire screeshot

Creating a Google API Console project and client ID

on the red button.

Image Added


Google Configuration

Access to the Google Developers Console (https://console.developers.google.com)

Select or create

with Google credentials

Create a new Google API Consoleproject

STAMP

  • apiS & sERVICES

  • Click on the credentials

STAMP SSO 1

  • Create CREDENTIALS

STAMP SSO

  • Now you can add the credentials to access the APIs, click "Create credentials" and select "OAuth client ID"

STAMP

  • SELECT WEB APPLICATION

STAMP SSO

REDIRECT URI : HTTPS… MOTION DOMAIN/API/callback + ADD uri

Insert in the authorized URIs field the URI related your Motion server

  • From the Navigation Menu, choose IAM & Admin and select Create a Project

Image Added
  • Fill the required fields and click on Create

Image Added

Generate Credentials

  • Select the specific Project you want to generate the credentials for, in the Google Cloud top bar

  • From the Navigation Menu, choose APIs & Services and select Credentials

Image Added
  • Remember to configure the OAuth consent screen with information about your application.

Image Added
  • Click on Create Credentials

Image Added
  • Select OAuth client ID

Image Added
  • Choose Web Application as app type

Image Added

STAMP SSO 6

  • ti da le credenziali (valori che devi inserire in ssh)

CLiENT Image Added
  • Click on Add URI and Create

  • Google will generate the credentials:

Image Added

Save these values:

  • CLIENT ID

  • CLIENT SECRET

  • REDIRECT URI

VAI IN SSH

ENTRA COME MOTION con comando


Server Configuration

  • Access the SSH Console

  • Run the following commands:

su motion

poi comando:

cd /var/opt/motion2poi

nano .env

STAMP DEL SERVER SSO 7

  • RIMUOVI Il cancelletto (uncomment) dei valori

  • inserisci i valori (tra le ' )

Google ID è CLiENT ID

CLIENT SECRET

DOmani è URI

  • CRTL X per salvare

  • Y per dare ok per confermare modifiche

  • dai invio

Ri-inizializza le variabili appena modificate con comando
  • Uncomment (remove the # ) the Google-related rows:

Image Added
  • Insert the required values with those generated in the Google Configuration:

Image Added

GOOGLE ID='CLIENT ID'

GOOGLE SECRET= 'CLIENT SECRET'

DOMAIN: 'REDIRECT URI'

  • Press CRTL+X

  • Press Y to save changes

  • Press Enter

Re-initialize the Xcally Motion V3 application for the variables changes to take effect, using the following commands:

npm run initialize

Note

questo comando riavvia i serivizi di motion Remember that this command restart Motion Services!

  • Make sure that services are up by running pm2 list

Motion server configuration

edit the file /var/opt/motion2/server/config/environment/production.js

and replace the following rows:

Code Block
languagejs
google: {
        clientID: process.env.GOOGLE_ID || 'id',
        clientSecret: process.env.GOOGLE_SECRET || 'secret',
        callbackURL: (process.env.DOMAIN || 'https://YOUR_MOTION_IP') + '/api/auth/google/callback'
    }

with the Google application ID, example:

Code Block
languagejs
   google: {
        clientID: process.env.GOOGLE_ID || '1234567890-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com',
        clientSecret: process.env.GOOGLE_SECRET || 'abc-123456abcdefghijklmn',
        callbackURL: (process.env.DOMAIN || 'https://pbx2.xcally.com') + '/api/auth/google/callback'
    }

restart the motion service to apply the change

Code Block
su motion
pm2 restart motion2
For any additional information please refer to the Official Google Documentation here
  • the command:

pm2 list

The Google SSO is ready to be used!