Configure Single Sign-On
Single Sign-On (SSO) is an authentication mechanism that lets users access multiple related systems or applications with one login. Momen supports SSO configuration to simplify login, improve security, and enhance user experience.
Benefits
SSO simplifies login and improves security and management efficiency:
- Simplified login: One authentication grants access to multiple applications—no repeated logins.
- Unified identity management: Centralized user identity reduces account and password overhead.
- Cross-platform support: Works with identity providers such as Google for Web and Native App clients.
- Improved security: Centralized authentication reduces password leak risk.
- Better user experience: Users do not need to remember multiple credentials.
- Reduced IT burden: Unified identity management lowers operational overhead.
SSO configuration workflow
SSO setup follows these steps:
- Create an SSO configuration in Momen and obtain the redirect URI (callback URL)
- Register an application with your identity provider and enter the redirect URI
- Return to Momen and fill in clientId, clientSecret, and related fields
- Configure SSO actions on your pages
Create an SSO configuration in Momen
-
In the Action tab, find Single Sign-On and click Add.
-
Momen automatically generates a redirect URI (callback URL). The SSO flow works as follows:
- User clicks login and is redirected to the identity provider authorization page (e.g., Google)
- User enters credentials and grants authorization
- After success, the user is redirected back to the redirect URI
Register an application (Google example)
-
Register as a Google developer and create a new project.
-
Fill in project information and create the project.
-
Go to APIs & Services.
-
Configure the OAuth consent screen and select External.
-
Create privacy policy and terms of service pages at paths such as
privacyandterms, and add content. -
Complete OAuth consent screen settings in the Google Cloud Console.
-
Set scopes and add
/auth/userinfo.emailand/auth/userinfo.profile. -
Save when complete.
-
Create an OAuth client ID.
-
Fill in client details. Application type: Web. Name: your choice.
-
Authorized JavaScript origins: your project’s published URL. Redirect URI: the callback URL from your SSO configuration.
-
Copy the client ID and client secret.
Return to Momen and enter credentials
In Momen, enter clientId, clientSecret, and scope (email, profile), then save.
Save and enable
Save the configuration and turn SSO on.
Configure SSO actions
SSO-related actions include:
- Register / Login: After SSO authorization, log in if the account exists; otherwise register a new user and bind SSO.
- Bind existing account: Bind SSO to the currently logged-in account. Fails if not logged in or already bound to another account.
- Unbind account: Disconnect the current account from SSO.
After SSO authorization succeeds, the page redirects. Original page variables and actions are unavailable. On SSO success, you can only configure Actionflow actions.
Retrieve SSO user information
-
Add an
emailfield (text type) to the account table and sync to the backend. -
Add the following code block in an Actionflow, save, and sync to the backend.
Retrieve SSO user info and update the account table
usernameandemail:
function updateAccount(variables) {
const gql = `mutation updateAccount(
$accountId: bigint
$email: String
$name: String
) {
update_account(
_set: { email: $email, username: $name }
where: { id: { _eq: $accountId } }
) {
returning {
id
username
}
}
}
`
return context.runGql('updateAccount', gql, variables, {
role: 'admin',
}).update_account
}
function queryAccount(variables) {
const gql = `query queryAccount($accountId: bigint) {
account(where: { id: { _eq: $accountId } }, limit: 1) {
id
username
}
}
`
return context.runGql('queryAccount', gql, variables, {
role: 'admin',
}).account[0]
}
const accountId = context.getSsoAccountId()
const queryAccountResult = queryAccount({ accountId })
if (queryAccountResult.username === null) {
const userInfo = context.getSsoUserInfo()
const userInfoJson = JSON.parse(userInfo)
const name = userInfoJson.username
const email = userInfoJson.email
const updateAccountVariables = {
accountId,
email,
name,
}
const updateAccountResult = updateAccount(updateAccountVariables)
}- On SSO success, call this Actionflow to fetch and update account information.
Successful configuration
After SSO login succeeds, users can enter the system with one click—no separate registration required.