SSO
What is Single Sign-On (SSO)?
Single Sign-On (SSO) is an authentication mechanism that enables users to access multiple related systems with a single login. By configuring SSO, new users can register and log in to your website using existing accounts (such as Google or Facebook).
- Only supports the standard OAuth2 protocol.
- Available for Pro Plan and above.
Benefits
- Improved User Experience: Users only need to log in once to access multiple applications, reducing repetitive login steps.
- Enhanced Security: Centralized access management provides stronger security than traditional username and password authentication.
- Simplified Management: SSO streamlines the management of multiple applications for organizations.
How to Configure
Create an SSO Configuration in Momen
- Open your project settings, navigate to Login > SSO, and click Add.
- Momen will automatically generate a callback URL for redirection after successful authorization.
Register an Application with an Identity Provider (e.g., Google)
- Register as a Google Developer at Google Cloud Console.
- Create a new project and provide the required project information.
- Enable APIs and services for the project, then configure the OAuth consent screen.
- Set up the privacy policy and terms of service pages.
- Create an OAuth client ID and enter the callback URL provided by Momen.
- Obtain the client ID and client secret.
Enter Application Information in Momen
- Input the client ID, client secret, and scope.
- Save the configuration and enable SSO.
Configure Actions
- Register/Login: After authorization, log in if the account exists; otherwise, register a new user.
- Bind Existing Account: Link the authorized account to the currently logged-in user.
- Unbind Account: Disconnect the current account from SSO.
Consuming User Information
For example, to update a user’s “email” information:
- Add an email field to the account table.
- Add the following code to your Actionflow to update the username and email in the account table:
```javascript
// Update the email and username of one account row.
function updateAccount(variables) {
  const gql = `mutation updateAccount(
    $accountId: bigint
    $email: String
    $name: String
  ) {
    update_account(
      _set: { email: $email, username: $name }
      where: { id: { _eq: $accountId } }
    ) {
      returning {
        id
        username
      }
    }
  }
  `
  // The mutation runs with the admin role.
  return context.runGql('updateAccount', gql, variables, {
    role: 'admin',
  }).update_account
}

// Fetch the account row (id and username) for the given account id.
function queryAccount(variables) {
  const gql = `query queryAccount($accountId: bigint) {
    account(where: { id: { _eq: $accountId } }, limit: 1) {
      id
      username
    }
  }
  `
  return context.runGql('queryAccount', gql, variables, {
    role: 'admin',
  }).account[0]
}

// Account id of the user who just completed the SSO flow.
const accountId = context.getSsoAccountId()
const queryAccountResult = queryAccount({ accountId })

// Only fill in the profile when the account exists and has no username yet.
if (queryAccountResult && queryAccountResult.username === null) {
  // User info returned by the identity provider, as a JSON string.
  const userInfo = context.getSsoUserInfo()
  const userInfoJson = JSON.parse(userInfo)
  const name = userInfoJson.username
  const email = userInfoJson.email
  const updateAccountVariables = {
    accountId,
    email,
    name,
  }
  const updateAccountResult = updateAccount(updateAccountVariables)
}
```
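The Actionflow above writes provider-supplied values into the account table with the admin role, so it is worth validating them first. The following is an added example, not Momen's code: `parseSsoUserInfo`, the length limits and the requirement for the OpenID Connect `email_verified` claim are assumptions, and whether your provider returns that claim depends on the configured scope.

```javascript
// Added example: validate identity-provider user info before an admin-role write.
// parseSsoUserInfo and the limits below are hypothetical, not part of Momen's API.
const MAX_NAME = 64
const MAX_EMAIL = 254
// Simple shape check: one "@", a dot in the domain, no whitespace or control characters.
const EMAIL_RE = /^[^\s@\x00-\x1f]+@[^\s@\x00-\x1f]+\.[^\s@\x00-\x1f]+$/

function parseSsoUserInfo(raw) {
  let info
  try {
    info = JSON.parse(raw)
  } catch (e) {
    return { ok: false, reason: 'user info is not valid JSON' }
  }
  if (info === null || typeof info !== 'object' || Array.isArray(info)) {
    return { ok: false, reason: 'user info is not a JSON object' }
  }
  const { username, email } = info // field names follow the page's Actionflow
  if (typeof email !== 'string' || email.length > MAX_EMAIL || !EMAIL_RE.test(email)) {
    return { ok: false, reason: 'email missing or malformed' }
  }
  // Assumption: the provider sends email_verified as a boolean or the string "true".
  if (info.email_verified !== true && info.email_verified !== 'true') {
    return { ok: false, reason: 'email not verified by the provider' }
  }
  if (typeof username !== 'string') {
    return { ok: false, reason: 'username missing' }
  }
  // Collapse whitespace, strip remaining control characters, cap the length.
  const name = username.replace(/\s+/g, ' ').replace(/[\x00-\x1f\x7f]/g, '').trim().slice(0, MAX_NAME)
  if (name === '') return { ok: false, reason: 'username empty after cleanup' }
  return { ok: true, name, email }
}

// Constructed sample payloads (not real provider output).
const samples = [
  '{"username":"Ada  Lovelace","email":"ada@example.com","email_verified":true}',
  '{"username":"Bob","email":"bob@example.com","email_verified":false}',
  '{"username":{"a":1},"email":"a@example.com","email_verified":true}',
  'not json',
]
for (const s of samples) console.log(parseSsoUserInfo(s))
```

In the Actionflow, pass `context.getSsoUserInfo()` to the function and call `updateAccount` only when the result has `ok: true`.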