Authentication and Webhooks
The platform offers an easy way for account administrators to authenticate and sign in users using Google, Facebook, LDAP, SAML, OAuth2, and OpenID Connect. The platform also allows you to activate Webhooks for deeper integration with other core business systems.
Go to Account > Settings > Integration. Each integration requires the following fields:
- App ID/API Key
- Application ID
- Enabled restrict domains.
- Sample domain to show in Google login (for example, 'modyo.com')
- Allowed domain list. Example: 'modyo.com'
- Callback URI
- LDAP Service Name
- Base: For example, ou=people,dc=modyoldap,dc=com
- UID: The LDAP attribute name for the user name. For example 'sAMAccountName' (Active Directory), 'uid' (OpenLDAP) or 'UniquePersonalIdentifier'
- Bind DN: Default credentials: User DN to perform user lookup. For example, 'cn=admin,dc=modyoldap,dc=com'
- Password: Default credentials: Password to perform user lookup
- Method: plain, SSL, TLS
- Logo LDAP (optional)
- Service Name
- Issuer: The name of your application. Some identity providers might need this to establish the identity of the service provider requesting the login.
- IDP SSO Target URL: The URL to which the authentication request should be sent. This would be on the identity provider.
- IDP SSO Target URL Runtime Params: A dynamic mapping of request params. Supports only alphanumeric param-value pairs separated by a "=", each one on a new line.
- IDP Cert: The identity provider's certificate in PEM format. This will take precedence over the fingerprint option below.
- IDP certificate fingerprint: The SHA1 fingerprint of the certificate, e.g.
- Name identifier format: Used during SP-initiated SSO. Describes the format of the username required by this application. If you need the email address, use "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress". See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf section 8.3 for other options. Note that the identity provider might not support all options. If not specified, the IdP is free to choose the name identifier format used in the response.
- Assertion consumer service URL: The URL at which the SAML assertion should be received. If not provided, defaults to "https://account.modyo.cloud/auth/saml/callback".
- SAML Logo
- Service Name
- Service Description
- Authentication Endpoint URL
- Client ID
- Login Field
- Login Field Placeholder
- Use SSL
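For the SAML "IDP Cert" and "IDP certificate fingerprint" fields above, the following added example (not part of the original documentation or the platform's own code) computes the SHA-1 fingerprint of a PEM certificate and checks it against a configured value, so a mismatch is caught before the settings are saved. The function names and the sample PEM are assumptions made for illustration; the sample wraps placeholder bytes, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate block in a PEM string."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("no CERTIFICATE block found in PEM input")
    body = "".join(match.group(1).split())  # drop newlines and indentation
    return base64.b64decode(body, validate=True)


def sha1_fingerprint(pem: str) -> str:
    """SHA-1 over the DER encoding, as colon-separated uppercase hex."""
    digest = hashlib.sha1(pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Remove separators and case so 'ab:cd', 'AB CD' and 'abcd' compare equal."""
    hex_only = re.sub(r"[\s:\-]", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", hex_only):
        raise ValueError("a SHA-1 fingerprint must be exactly 40 hex digits")
    return hex_only


def fingerprint_matches(pem: str, configured: str) -> bool:
    """True when the configured fingerprint belongs to the given certificate."""
    actual = normalize(sha1_fingerprint(pem))
    return hmac.compare_digest(actual, normalize(configured))


# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(sha1_fingerprint(SAMPLE_PEM))
    print(fingerprint_matches(SAMPLE_PEM, sha1_fingerprint(SAMPLE_PEM).lower()))
```

Because the full certificate takes precedence over the fingerprint, supplying the PEM itself avoids depending on a SHA-1 value alone.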
OpenID Connect allows you to share profile data between the platform and your core business systems.
- Service Name
- JWKS URI
- Authorization Endpoint
- Token Endpoint
- Userinfo Endpoint
- Enable refresh token
- Enable remote logout
- Enable claims synchronization on login
- End session endpoint
- Claims Mapping
- Claim Name
- Account User Custom Fields
Create a new Webhook by clicking + New and using the following fields:
- Webhook URL: This is the "listener URL" that will receive the action type log.
- Log Type: Define the specific log that the Webhook will listen for. There are more than 63 log types from which to choose.
- Site: The site within your Modyo account from which the Webhook will listen.
Below is an example of data for a Webhook when initiating a session from the platform.
"request_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36",