!!Enterprise Licenses Only\\
This plugin allows you to delegate access of OAuth providers. On the CrushFTP's login page next to the login button will appear the enabled provider's "__Signed in"__ button".\\
Currently __Google Sign-In__, __Microsoft Sign-In__, __Azure Active Directory B2C Sign in__ and __Amazon Cognito Sign in__ are supported.\\
\\
!!1. Google Sign-In\\
\\
See [Google Sign in Configuration]\\
\\
!!2. Microsoft Sign-In\\
\\
See [Microsoft Sign in Configuration]\\
\\
!!3. Azure Active Directory B2C\\
\\
See [Azure Active Directory B2C Configuration]\\
\\
!!4. Amazon Cognito\\

About __Amazon Cognito__ : [https://aws.amazon.com/cognito/]\\
Create ([https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html]) or use one of your existing __Amazon Cognito user pool__: [https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html]\\
\\
Create or configure __app client__ of the user pool ([https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html]). \\
\\
App type : Select __Confidential client__.\\
Enable __Generate client secret__.\\
Allowed callback URLs:  https://your.CrushFTP.domain.com__/WebInterface/login.html__\\
OAuth 2.0 grant types : __Authorization code grant__\\
OpenID Connect scopes : __OpenID__\\
\\
[CrushOAuth/cognito_user_pool_app_client_1.png]\\
[CrushOAuth/cognito_user_pool_app_client_2.png]\\
\\
Go to the __Preferences__-> __Ip/Servers__ and select the __HTTP or HTTPS__ port item(__OAuth Sign in__ Tab) where you want to enable the Amazon Cognito Sing-In button. Check the "Enable Amazon Cognito Sign in" flag.\\
Required info from __App client__ of the __User Pool__ : __Client ID__ and __Client Secret__.\\
Required info from __User Pool__ :\\ 
Cognito Domain Prefix: It is part of the __Cognito domain__ (Amazon console -> Amazon Cognito -> User Pools -> __User poll__ -> __App integration__ tab). It also contains the region of the User Pool.\\
Like:
{{{[domain_name].auth.[amazon region]}}}\\
User pool ID\\
\\
[CrushOAuth/cognito_client_id_secret.png]\\
[CrushOAuth/cognito_user_pool.png]\\
[CrushOAuth/port_item_settings_cognito.png]\\
\\
Configure the __CrushOAuth__ plugin and enable the flag: __Enable Amazon Cognito Auth__.
\\
!!5. Plugin Settings\\
\\

__1.__ Username matching -> It filters the OAuth user name (Google Auth: email address, Microsoft Auth: user principle name). You can put multiple value separated by comma. Domain filter is allowed to (like *mydomain.com).\\
\\
__2.__ Allowed authentication types\\
\\
__3.__ OAuth only used for Authentication (User manager then defines user's access.) -> If the users already exists with username of the OAuth, you can use the plugin just for authentication.\\
\\
__4.__ Template Username -> The signed in user inherits no just the settings, but the VFS items too (as Linked VFS).\\
\\
Import settings from CrushFTP user -> The signed in user inherits just the settings from this user. __It must have a value! __Default value would be : __default__ -> the default user of CrushFTP\\
\\
__5.__ VFS related settings : You can also assign a VFS item for the signed in user.\\
\\
[attachments|plugin_settings.png]\\
\\