OAuth 2.0 Configuration Example
This section explains how to configure OAuth 2.0 providers for Microsoft and Google, with reference examples for each. For details about each parameter, see Authentication.
To successfully configure OAuth authentication in SEI, you must complete the process in three main steps:
- Collect your provider information from the Microsoft or Google portal (Client ID, endpoints, scopes, etc.).
- Enter these values into SEI in the Authentication configuration form.
- Map your users so SEI knows which external identity corresponds to each internal username.
Microsoft
Step 1 — Provider information (from Azure portal)
In the Azure App Registration portal, gather the key OAuth details for your application. These values define how SEI will communicate with Azure AD to authenticate users and request access tokens.
| Parameter | Example | Description |
|---|---|---|
| Client ID | 11de338f-3443-4c96-8fa5-81e5c682af10 | Specifies the application’s unique identifier. Find it on the Overview page in Azure. |
| Client Secret | (hidden for security; enter yours here) | Provides secure client authentication. Create under Certificates & secrets. |
| Discovery Endpoint | https://login.microsoftonline.com/6fe2c527-u776-4v20-kqq8-a63670f1043r/v2.0/.well-known/openid-configuration | Points to Azure OpenID Connect metadata. Find under Endpoints in Overview. |
| Authorization Endpoint | https://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b69640f1056b/oauth2/v2.0/authorize | Points to Azure OpenID Connect metadata. Find under Endpoints in Overview. |
| Token Endpoint | https://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b69640f1056b/oauth2/v2.0/token | Points to Azure OpenID Connect metadata. Find under Endpoints in Overview. |
| User Info Endpoint | https://graph.microsoft.com/oidc/userinfo | Retrieves authenticated user profiles. |
| Scopes | openid, email, offline_access | Defines access levels and claims included in the authentication process. |
Step 2 — Authentication configuration example in SEI
Enter the Azure OAuth values into SEI’s authentication settings. This step establishes a secure connection between SEI and Azure AD, enabling token-based authentication during user sign‑in.
| Field | Example |
|---|---|
| Activate | Enabled |
| Description | Sign In With Azure[OAuth] |
| Client ID | 11de338f-3443-4c96-8fa5-81e5c682af10 |
| Client Secret | (hidden for security; enter yours here) |
| Discovery Endpoint | https://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b6964f01056b/v2.0/.well-known/openid-configuration |
| Authorization Endpoint | https://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b6964f01056b/oauth2/v2.0/authorize |
| Token Endpoint | https://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b6964f01056b/oauth2/v2.0/token |
| Scope | openid, email, offline_access |
| Redirect URLs | |
| User Info Endpoint | https://graph.microsoft.com/oidc/userinfo |
| User Identifier | ID token claim for matching users. Prefer sub or oid for multitenant setups. Example: "sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09" |
| Prompt | select_account |
| Force reauthentication | Disabled |
Step 3 — Map users
Choose the Azure claim (such as sub, oid, or email) that identifies users and map it to the correct SEI accounts. This ensures that Azure‑authenticated users access the appropriate SEI profiles.
| Field | Example |
|---|---|
| Username | ADMIN |
| Name | ADMIN |
| admin@companyname.com | |
| User Identifier | "sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09" |
Google
Step 1 — Provider information (from Google Cloud Console)
In the Google Cloud Console, collect the OAuth credentials and endpoints for your application. These define how SEI will authenticate with Google and request user identity information.
| Parameter | Example | Description |
|---|---|---|
| Client ID | 343312345323453-t3424qpj03iie75appleqasff42ksq322.apps.googleusercontent.com | Specifies the application’s unique identifier. Find it on the Overview page in Azure. |
| Client Secret | (hidden for security; enter yours here) | Provides secure client authentication. Create under Certificates & secrets. |
| Authorization Endpoint | https://accounts.google.com/o/oauth2/v2/auth | Generic endpoint. Find in Authenticating the user. |
| Token Endpoint | https://oauth2.googleapis.com/token | Generic endpoint. Find in Authenticating the user. |
| User Info Endpoint | https://openidconnect.googleapis.com/v1/userinfo | Generic endpoint for all registered applications. |
| Scopes | openid, email | Defines access levels and claims included in the authentication process. |
| Discovery Endpoint | https://accounts.google.com/.well-known/openid-configuration | Generic endpoint. Find in Discovery document. |
Step 2 — Authentication configuration example in SEI
Enter the Google OAuth details into SEI to establish a trusted connection. This configuration allows SEI to request tokens from Google and validate user identity during the login process.
| Field | Example |
|---|---|
| Activate | Enabled |
| Description | Sign In With Azure[OAuth] |
| Client ID | 343313245323453-t342qjpj03iie75appleqsaff42ksq322.apps.googleusercontent.com |
| Client Secret | (hidden for security; enter yours here) |
| Discovery Endpoint | https://accounts.google.com/.well-known/openid-configuration |
| Authorization Endpoint | https://accounts.google.com/o/oauth2/v2/auth |
| Token Endpoint | https://oauth2.googleapis.com/token |
| Scope | openid, email |
| Redirect URLs | |
| User Info Endpoint | https://openidconnect.googleapis.com/v1/userinfo |
| User Identifier | ID token claim for matching users. Prefer sub or oid for multitenant setups. Example: "sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09" |
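
A consistency check for the values entered in Step 2, for either provider, added here as an example (it is not SEI code): it compares the form fields with the provider's discovery document, so a mistyped tenant ID or endpoint is caught before users try to sign in. The function name, the dictionary layout and the tenant ID are assumptions; the discovery document is constructed inline so the check runs offline.

```python
from urllib.parse import urlparse

# Form field (as labelled on this page) -> key in the OpenID Connect discovery document.
PUBLISHED = {
    "Authorization Endpoint": "authorization_endpoint",
    "Token Endpoint": "token_endpoint",
    "User Info Endpoint": "userinfo_endpoint",
}

def check_oauth_config(form, discovery):
    """Return a list of problems; an empty list means the form is consistent."""
    problems = []
    # Tokens and the client secret travel over these URLs, so all must be HTTPS.
    for field in ["Discovery Endpoint", *PUBLISHED]:
        if urlparse(form.get(field, "")).scheme != "https":
            problems.append(f"{field}: not an https URL")
    # The discovery URL is the issuer plus a fixed well-known suffix.
    issuer = discovery.get("issuer", "").rstrip("/")
    if form.get("Discovery Endpoint") != issuer + "/.well-known/openid-configuration":
        problems.append("Discovery Endpoint: does not belong to the published issuer")
    # Each endpoint typed into the form must equal the one the provider publishes.
    for field, key in PUBLISHED.items():
        if form.get(field) != discovery.get(key):
            problems.append(f"{field}: differs from discovery '{key}'")
    # Without the openid scope the provider issues no ID token to read claims from.
    scopes = {s.strip() for s in form.get("Scope", "").split(",")}
    if "openid" not in scopes:
        problems.append("Scope: 'openid' is missing")
    # The page recommends sub or oid as the matching claim.
    if form.get("User Identifier") not in ("sub", "oid"):
        problems.append("User Identifier: prefer 'sub' or 'oid'")
    return problems

# Constructed sample data: the tenant ID is a placeholder, not a real tenant.
TENANT = "00000000-0000-0000-0000-0000000000aa"
BASE = f"https://login.microsoftonline.com/{TENANT}"
DISCOVERY = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
}
GOOD_FORM = {
    "Discovery Endpoint": f"{BASE}/v2.0/.well-known/openid-configuration",
    "Authorization Endpoint": DISCOVERY["authorization_endpoint"],
    "Token Endpoint": DISCOVERY["token_endpoint"],
    "User Info Endpoint": DISCOVERY["userinfo_endpoint"],
    "Scope": "openid, email, offline_access",
    "User Identifier": "sub",
}
# Same form with two characters of the tenant ID transposed in one field.
BAD_FORM = {**GOOD_FORM, "Token Endpoint": DISCOVERY["token_endpoint"].replace("00aa", "0a0a")}
```

In practice the discovery dictionary would be the JSON fetched from the Discovery Endpoint; the same function works unchanged for the Google values.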
Step 3 — Map users
Select the claim returned by Google (typically sub or email) that uniquely identifies a user, and map it to a SEI user. This ensures that Google-authenticated users are matched correctly within SEI.
| Field | Example |
|---|---|
| Username | ADMIN |
| Name | ADMIN |
| admin@companyname.com | |
| User Identifier | "sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09" |