!!Enterprise Licenses Only\\
This plugin allows you to delegate access of OAuth providers. On the CrushFTP's login page next to the login button will appear the enabled provider's "__Signed in"__ button".\\
Currently __Google Sign-In__, __Microsoft Sign-In__, __Azure Active Directory B2C Sign in__ and __Amazon Cognito Sign in__ are supported.\\
\\
!1. Google Sign-In\\
See [Google Sign in Configuration]\\
!2. Microsoft Sign-In\\
See [Microsoft Sign in Configuration]\\
!3. Azure Active Directory B2C\\
See [Azure Active Directory B2C Configuration]\\
!4. Amazon Cognito\\
See [Amazon Cognito Configuration]\\
!5. Plugin Settings\\
\\

__1.__ __Username matching__ -> It filters the OAuth user name (Google Auth: email address, Microsoft Auth: user principle name). You can put multiple value separated by comma. Domain filter is allowed to (like *mydomain.com).\\
\\
__2.__ Allowed authentication types\\
\\
__3.__\\
    __a.__ __Skip OTP processing__ -> CrushOAuth plugin is not compatible with [OTP Settings] as IDP (identity provider) can have their own two factor authentication. Turning the flag to true will skip OAuth users from CrushFTP's OTP process.\\
    __b.__ __Get Cognito user info__ -> Gets more info about Amazon Cognito users (like custom attributes). Only if __Amazon Cognito Sign in__ is enabled.\\
\\
__4.__ OAuth only used for Authentication ([User Manager] defines user's access.) -> If users already exists with username of the IDP (identity provider), you can use the CrushOAuth plugin __just for authentication__.\\
\\
__5.__ __Template Username__ -> The signed in user inherits no just the settings, but the VFS items too (as Linked VFS).\\
\\
__Import settings from CrushFTP user__ -> The signed in user inherits just the settings from this user. __It must have a value! __Default value would be : __default__ -> the default user of CrushFTP\\
\\
__6__ __OAuth Roles__ -> You can configure different Template Users (see 5.) based on IDP's (identity provider) attributes.\\
IDP Attribute examples:\\
{{{

Google Sign-In:
email_verified, idp_user_info, given_name, family_name, email_verified, group

Microsoft Sign-In:
mail, idp_user_info, displayName, jobTitle, businessPhones, mobilePhone, officeLocation, group

Amazon Cognito Sign in:
email, username, identities, cognito:username, cognito:groups, custom:<<defined custom attributes>>
}}}
Role examples :
{{{
<<IDP attribute name>>=<<IDP attribute value>>,<<IDP attribute name>>=<<IDP attribute value>> : tmeplate user name
}}}
\\
IDP attribute value : Exact match, Simple Match (like : *mail.com*), Regex match (like REGEX:<<the regular expression>>), if the value is a n array you can reference only one of the array element. Like (IDP Attribute value : __groups[group1,group2]__ -> you can match with __group1__)\\
 \\
\\
__7.__ VFS related settings\\
\\
[attachments|plugin_settings.png]\\
\\