
Overview

The authentication system provides secure sign-in and identification of users. You can configure any number of authentication providers, but typically only one of them is used for sign-in.

To implement your desired authentication system, you need to configure:

  1. the authentication provider, which will handle the sign-in requests.
  2. the organization provider, which will provide the users and groups information.

When a user signs in through the authentication provider, Witboost checks whether the user is in the user list fetched by the organization provider, whether the user is part of the fetched groups, and whether they are allowed to access the system.
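An added example, not Witboost or Backstage code: a TypeScript model of the check described above, written so that every failed check denies sign-in. It assumes the emailMatchingUserEntityAnnotation resolver from this page's Microsoft example compares the provider's email with the microsoft.com/email annotation on User entities, as the upstream Backstage resolver of that name does. resolveSignIn, the entity shape and the sample users are hypothetical, and the final "allowed to access the system" check is left out because the page does not define it.

```typescript
// Added illustration: a fail-closed model of the sign-in check, not Witboost's implementation.
type UserEntity = {
  name: string;
  annotations: Record<string, string | undefined>;
  memberOf: string[];
};
type Reason = 'ok' | 'no-email' | 'unknown-user' | 'ambiguous-email' | 'no-known-group';
type Decision = { allowed: boolean; reason: Reason; user?: string };

// Assumption: the annotation Backstage's Microsoft emailMatchingUserEntityAnnotation resolver matches on.
const EMAIL_ANNOTATION = 'microsoft.com/email';

const deny = (reason: Reason): Decision => ({ allowed: false, reason });

function resolveSignIn(
  email: string | undefined, // email claim returned by the authentication provider
  users: UserEntity[],       // user list fetched by the organization provider
  groups: Set<string>,       // groups fetched by the organization provider
): Decision {
  const wanted = (email ?? '').trim().toLowerCase();
  if (wanted === '') return deny('no-email');
  const matches = users.filter(
    (u) => (u.annotations[EMAIL_ANNOTATION] ?? '').trim().toLowerCase() === wanted,
  );
  if (matches.length === 0) return deny('unknown-user');
  // Two entities claiming one address is ambiguous, so the model refuses to pick one.
  if (matches.length > 1) return deny('ambiguous-email');
  const user = matches[0]!;
  // The user must belong to at least one group the organization provider fetched.
  if (!user.memberOf.some((g) => groups.has(g))) return deny('no-known-group');
  return { allowed: true, reason: 'ok', user: user.name };
}

// Constructed sample data (hypothetical users and groups).
const GROUPS = new Set(['data-platform', 'analytics']);
const USERS: UserEntity[] = [
  { name: 'alice', annotations: { [EMAIL_ANNOTATION]: 'alice@example.com' }, memberOf: ['data-platform'] },
  { name: 'bob', annotations: { [EMAIL_ANNOTATION]: 'bob@example.com' }, memberOf: ['contractors'] },
  { name: 'carol', annotations: { [EMAIL_ANNOTATION]: 'shared@example.com' }, memberOf: ['analytics'] },
  { name: 'carol-2', annotations: { [EMAIL_ANNOTATION]: 'shared@example.com' }, memberOf: ['analytics'] },
];

for (const email of ['Alice@Example.com', 'bob@example.com', 'shared@example.com', 'eve@example.com']) {
  console.log(email, resolveSignIn(email, USERS, GROUPS));
}
```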

In the following sections, we will provide an overview of how to configure every supported provider, by configuring both the authentication and organization providers.

tip

You can configure every Authentication Provider to display a custom title and message on the login page. To do so, add the title and message fields to the provider configuration. The title field is displayed as the title of the login page, while the message field is displayed as a message on the login page.

For example, you can customize the Microsoft provider configuration as follows:

auth:
  providers:
    microsoft:
      default:
        clientId: <clientId>
        clientSecret: <clientSecret>
        tenantId: <tenantId>
        signIn:
          resolvers:
            - resolver: emailMatchingUserEntityAnnotation
        title: 'Microsoft'
        message: 'Sign in using Microsoft Azure AD'

This will result in the following login prompt:

Sign in using Microsoft Azure AD