How do I activate an OAuth provider in i-Reserve?
i-Reserve supports logging in via external OAuth2 providers, for both customers (front office) and administrators (back office). This page describes how to configure and activate a provider in i-Reserve itself. To create the required login details at the provider, see "Which providers can I use and what data do I need?".
Before you begin
- You need the OAuth providers right (menu_config_oauth2) to open the configuration page.
- You need the login details of the external provider (Client ID + Secret; for Microsoft and Apple, additional fields apply, see the table below).
- When registering the application with the provider, you must provide the correct redirect URLs, otherwise the provider will refuse the login. See "What is the redirect URL?". In short:
  - https://<yourdomain>/login (required for client login)
  - https://<yourdomain>/adminlogin (required for administrator login)
Step 1: Open the configuration page
Go to Configuration → System and click on the OAuth providers card.
You will now see an overview of the already configured providers, showing the status for the client login (active) and the administrator login (active (administration)) for each provider.
Step 2: Add a provider
Click on Add provider. In the dialog box, enter:
| Field | Meaning |
|---|---|
| Provider | The external service: Google, Microsoft, LinkedIn, Facebook, X/Twitter or Apple. Each provider can only be configured once. |
| Comments | Free text field for your own records, for example, who manages the app at the provider. |
| active | Shows this provider's login button on the customer login page. |
| active (administration) | Shows this provider's login button on the administrator login page. |
| Provider parameters | The provider's login details, see table below. |
Tip: after choosing the provider, the dialog box shows a direct link to that provider's developer portal, where you register the application and create the data.
Provider parameters per provider
| Provider | Required fields |
|---|---|
| Google | Key Id, Key Secret |
| Microsoft | Key Id, Key Secret, Tenant |
| LinkedIn | Key Id, Key Secret |
| Facebook | Key Id, Key Secret |
| X/Twitter | Key Id, Key Secret |
| Apple | Client ID, Team ID, Key Id, Key content (including BEGIN/END) |
Note regarding Microsoft: the Tenant field is required. Enter the tenant ID (Directory ID) of your Microsoft Entra ID environment here. You can find it at portal.azure.com in the app registration, under Directory (tenant) ID. Only users from that tenant can then log in. If you have registered the app for multiple organizations (multi-tenant), enter common.
Different steps apply for Apple; see "How can I enable login with Apple ID?".
Step 3: Choose where the provider is active
The two switches active and active (administration) work independently of each other:
- If you want customers to be able to log in with, for example, their Google account, set active to yes.
- If you also want your own employees to log in to the administration section via the provider (single sign-on), set active (administration) to yes.
- You can therefore activate a provider only for customers, only for administrators, or for both.
Save the configuration. The change takes effect immediately.
Step 4: Check the operation
- Open the login page (client: https://<yourdomain>/login, administration: https://<yourdomain>/adminlogin) in a private/incognito window.
- The button for the activated provider is now visible below the regular login form.
- Log in via the provider. The first time you log in, the provider will ask for permission to share personal data (name, email address).
Common problems
| Problem | Cause and solution |
|---|---|
| The button does not appear on the login page | The switch for that environment is set to no: check active (for customers) or active (administration) (for administrators). |
| Provider displays an error message regarding the redirect/callback URL | The redirect URL is not (or incorrectly) registered with the provider. Register the exact https://<yourdomain>/login and/or https://<yourdomain>/adminlogin, see "What is the redirect URL?". |
| Microsoft: error message that the account does not exist in the directory | The Tenant field refers to a different tenant than the one the user is in, or the app is registered as single-tenant while common is entered. Check the tenant ID in the app registration. |
| Error message regarding invalid client or secret | The Key Id/Key Secret was copied incorrectly, or the secret has expired at the provider. Create a new secret at the provider and update the configuration. |
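
A pre-flight check for the values described on this page, added here as an example; it is not part of i-Reserve. The parameter key names and the sample values are invented, and the Tenant check accepts only the two options this page documents (a tenant ID or common).

```python
import re
from urllib.parse import urlsplit

# Required fields per provider, from the table on this page.
# The key names (key_id, tenant, ...) are invented for this example.
BASIC = ["key_id", "key_secret"]
REQUIRED = {
    "Google": BASIC, "LinkedIn": BASIC, "Facebook": BASIC, "X/Twitter": BASIC,
    "Microsoft": BASIC + ["tenant"],
    "Apple": ["client_id", "team_id", "key_id", "key_content"],
}
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def loose(url):
    """Ignore scheme, case and trailing slash, to spot near-miss registrations."""
    parts = urlsplit(url.strip())
    return (parts.netloc.lower(), parts.path.rstrip("/").lower())

def check_provider(provider, params, domain, registered, active, active_admin):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for field in REQUIRED[provider]:
        value = params.get(field, "")
        if not value.strip():
            problems.append(f"{field}: missing")
        elif field != "key_content" and value != value.strip():
            problems.append(f"{field}: stray whitespace from copy/paste")
    tenant = params.get("tenant", "").strip()
    if provider == "Microsoft" and tenant and tenant != "common" and not GUID.fullmatch(tenant):
        problems.append("tenant: expected a Directory (tenant) ID or 'common'")
    key = params.get("key_content", "")
    if provider == "Apple" and key.strip() and not ("-----BEGIN" in key and "-----END" in key):
        problems.append("key_content: BEGIN/END lines are missing")
    # The page asks for the exact URL, so compare registrations as exact strings.
    for path, switch_on in (("/login", active), ("/adminlogin", active_admin)):
        url = f"https://{domain}{path}"
        if not switch_on or url in registered:
            continue
        near = [r for r in registered if loose(r) == loose(url)]
        hint = f" (found {near[0]!r}, which is not an exact match)" if near else ""
        problems.append(f"redirect URL {url} is not registered{hint}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"key_id": "abc", "key_secret": "s3cret ", "tenant": "contoso"}
    for p in check_provider("Microsoft", sample, "booking.example.com",
                            ["http://booking.example.com/login/"], True, True):
        print("-", p)
```

Pass the redirect URLs exactly as they are listed at the provider; a near-miss such as http instead of https or a trailing slash is reported with a hint.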





