OAuth 2.0 support in Bold BI application

The Bold BI application can be configured to support OAuth 2.0 for Single Sign-On (SSO). This allows users to log in directly to the Bold BI application after authenticating using OAuth 2.0.

Prerequisites

1. A user account with an OAuth 2.0 provider.

2. Register the Bold BI application with the OAuth 2.0 provider.

Steps to configure OAuth 2.0 in Bold BI

1. Please login to Bold BI using the admin credentials.

2. Click on Settings in the left side menu.

   

3. Click Authentication and then OAuth 2.0

   

4. Please provide the following details in the OAuth 2.0 settings of the Bold BI application.

   Provider Name	It represents the name of the authentication provider to be displayed in the login page.
   Provider Logo	It represents the logo of the authentication provider to be displayed in the login page.
   Authorization Endpoint	It is the endpoint in the provider to authorize the user.
   Token Endpoint Method	It represents the request type to access the token endpoint.
   Token Endpoint	It is the endpoint in the provider that generates the token.
   User Information Endpoint Method	It is the endpoint in the provider used to get the user details.
   User Information Endpoint	It represents the request type to access the user information endpoint.
   Client ID	It is an unique identifier provided to each of the applications while registering in the providers.
   Client Secret	It is a secret key that is used to authorize the applications.
   Scopes	It is comma separated lists of identifiers that specifies the access privileges that are being requested from the provider.
   Logout Endpoint	It is an end point that logout the thrid-party provider.
   Email	This must be the field name in which email will be present when deserializing the token.

   

   

If we need to import the OAuth 2.0 groups, we have to configure the group details when saving the OAuth authentication settings.

The previously mentioned similar steps are applicable to configure OAuth 2.0 support in the User Management Server by logging into the URL {Bold BI URL}/ums/administration/sso?view=oauth-settings with admin credentials.

The following is a list of a few OAuth 2.0 providers and an explanation of how to connect with the Bold BI application.

• Amazon Cognito
• Auth0
• Okta
• OneLogin

OAuth 2.0 support is provided in both the Bold BI sites and User Management Server. This support can be handled for each site individually on the settings page by disabling the option, as shown in the following screenshot.

Set OAuth 2.0 as Default Authentication

To set OAuth 2.0 as the default authentication, enable and save the OAuth 2.0 settings Follow these steps:

1. On the settings page, click the Authentication tab and select General.

2. Enable the Enable Default Authentication option and select OAuth 2.0 as the default authentication provider, as shown in the following screenshot.

   

Disabling OAuth 2.0 Settings

When OAuth 2.0 is set as the default authentication, trying to disable the OAuth 2.0 settings will display the following pop-up. Proceeding by clicking Yes will disable the OAuth 2.0 default authentication.

Configure OAuth 2.0 authentication using REST API

Configure the OAuth 2.0 settings using the REST API by referencing the REST API document.

While configuring OAuth settings, you can also configure the group import settings to import the OAuth groups. You can include the group settings details based on the provider type to configure the group import settings. Please refer to this FAQ document to learn about the different group import settings details based on the provider.