This is version 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Enterprise Licenses Only
#

This plugin allows you to delegate access of OAuth providers.
Currently Google Sign-In, Microsoft Sign-In and Azure Active Directory B2C are supported.

1. Google Sign-In
#

You will start at the API credentials manager:
https://console.developers.google.com/projectselector/apis/credentials

You first need to make a project. My example calls this CrushFTP-Test.


Next select create credentials, and choose the Web Application type.




When configuring the credential, you have to tell Google the domain you will be originating from when creating the auth token, so this is the URL you use for server administration. Just the protocol://dns_or_ip:port Don't have a trailing slash or it will complain.
You also need to put in the redirect URL of where Google is going to send back the Id token (Id Token : That will be used for authentication of the google user). Copy the Client ID that will be required to integrate the Google Sing-In Button.

Integrate Google Sign-In button



Go to the Preferences-> Ip/Servers and select the HTTP or HTTPS port item (OAuth Sign In Tab) where you want to enable the Google Sing-In button. Check the "Enable Google Sign in" flag and provide the Client ID of you Google project(mentioned above).

2. Microsoft Sign-In
#

It requires Microsoft Graph Application registration. Start at the Microsoft azure portal:
https://azure.microsoft.com/en-us/features/azure-portal/

Application registration: Go to the App registrations and click on New registration:



Name it. Select Single-page Application as platform. The redirect url must ends with :WebInterface/login.html. Then click on register.



Make sure that MSAL.js 2.0, Implicit grant (Access Token, ID Token) grant types are permitted.



Get Client Id and Tenant Id from App registration -> Overview.



Go to the Preferences-> Ip/Servers and select the HTTP or HTTPS port item((OAuth Sign In Tab) where you want to enable the Microsoft Sing-In button. Check the "Enable Microsoft Sign in" flag and provide the Client ID and Tenant ID of your App registration(mentioned above).

3. Azure Active Directory B2C
#

About Azure Directory B2C : https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview
CrushFTP requires : Tenant name, User flow name, Client ID of the App registration.


Application registration: Go to the App registrations and click on New registration:



Name it. Select Single-page Application as platform. The redirect url must ends with :WebInterface/login.html. Then click on register.



Check the flag "ID tokens (used for implicit and hybrid flows)" at Platform configurations.

Get Application (client) ID from App registration -> Overview



Go to the Preferences-> Ip/Servers and select the HTTP or HTTPS port item((OAuth Sign In Tab) where you want to enable the Azure Active Directory B2C button. Check the "Enable Azure Active Directory B2C Sign in" flag and provide the Tenant name, User flow name, Client ID of the App registration (mentioned above).

4. Plugin Settings
#

1. Username matching -> It filters the OAuth user name (Google Auth: email address, Microsoft Auth: user principle name). You can put multiple value separated by comma. Domain filter is allowed to (like *mydomain.com).

2. Allowed authentication types

3. OAuth only used for Authentication (User manager then defines user's access.) -> If the users already exists with username of the OAuth, you can use the plugin just for authentication.

4. Template Username -> The signed in user inherits no just the settings, but the VFS items too (as Linked VFS).

Import settings from CrushFTP user -> The signed in user inherits just the settings from this user.

5. VFS related settings : You can also assign a VFS item for the signed in user.