Integrations

We are offering several ways for integrating your existing customer backend, into your Smart Space. The following alphabetical ordered list gives you an overview of the current supported authentication providers.

They are all offering the possibility to use them as an authentication backend, for managing your customer base and can be used for authentication into our mobile applications.

You can decide if we should sync personal information of the authenticated users into your Smart Space backend. This can be helpful for a better overview, but may be in conflict with data privacy laws. Your Smart Space backend can work also without those information.

Please keep in mind, that the user data will only be synced, if the user signs in the first time. Your Smart Space backend will re-validate the information each night. If this fails, the user will be blocked. If you need to remove a user immediatly, please disable the user at your identity provider and delete the account in the Smart Space backend.

After you created the mobile application with the specific information for your integration, just select the application in your OAuth application.

If you are missing an integration, feel free to contact us. We’re relying on OAuth2 or OpenID Connect as our authorization protocols. If your solution also supports one of those an integration can be create very easily.

Auth0

Auth0 is an identity as a service provider.

You can obtain the following information the normal setup process of your project at Auth0.

  • Authentication type: External OAuth2 Provider
  • OAuth Provider: Auth0 Identity Service
  • Client ID: $your-client-id
  • Client Secret: $your-client-secret
  • Site URL: https://$yourname.eu.auth0.com

You must specify an authorized redirect URI. Use https://$your-name.sensorberg.com/auth/auth0/callback

BambooHR

BambooHR is a human resource software for small and medium businesses. You can use BambooHR together with the Smart Space mobile applications.

For integration, please contact BambooHR to get the client_id and client_secret. You need to provide them the correct redirect URI, which would be: https://$your-name.sensorberg.com/auth/bamboohr/callback.

After you obtained those information, please create a new mobile app with the following information:

  • Authentication type: External OAuth2 Provider
  • OAuth Provider: BambooHR
  • Client ID: $your-client-id
  • Client Secret: $your-client-secret
  • Site URL: https://$yourname.bamboohr.co.uk/

Cobot

Cobot is offering a coworking management software. You can use Cobot to manage you coworking space.

To integrate Cobot into your Smart Space backend, please create the required client_id and client_secret - use https://$your-name.sensorberg.com/auth/cobot/callback as the redirect URI and read_user as scope. “Name” could be “SmartSpace Authentication” and the “Main Application URL” can point to your main website.

After you created those information, you need to add a new mobile app with the following information:

  • Authentication type: External OAuth2 Provider
  • OAuth Provider: Cobot
  • Client ID: $your-client-id
  • Client Secret: $your-client-secret

Google Identity

Google Identity Service is one of the largest identity providers. You can integrate it as your authentication provider for your Smart Space solution. For creating the client_id and client_secret, please follow the following steps:

  1. Go to Google Developer Console
  2. Select or create your project
  3. Click ‘Enable and manage APIs’
  4. Make sure “Contacts API” and “Google+ API” are active
  5. Go to Credentials, then select the “OAuth consent screen” tab on top. You must set a ‘product name’, ‘support email address’ and ‘authorized domain’
  6. Create OAuth-Client-ID as web application
  7. You must specify an authorized redirect URI. Use https://$your-name.sensorberg.com/auth/google_oauth2/callback
  8. Copy client_id and client_secret. These must be entered in the Sensorberg Platform
  9. Wait for 10 minutes for changes to take effect

After you’ve created the OAuth-Client-ID, you need to add a new mobile app in the Sensorberg Platform with the following credentials:

  • Authentication type: External OAuth2 Provider
  • OAuth Provider: Google Identity Service
  • Client ID: $your-client-id
  • Client Secret: $your-client-secret

Keycloak

Keycloak is an Open Source identity and access management solution. You can use Keycloak for integration into your Smart Space solution.

We are offering a “Generic OAuth Provider” which can be used for integration.

  • Authentication type: External OAuth2 Provider
  • OAuth Provider: Generic
  • Client ID: $your-client-id
  • Client Secret: $your-client-secret
  • Site URL: Base URL of your Keycloak installation
  • Authorize URL: f.e. /auth/realms/master/protocol/openid-connect/auth
  • Token URL: f.e. /auth/realms/master/protocol/openid-connect/token
  • Path of raw information: f.e. /auth/realms/master/protocol/openid-connect/userinfo
  • Path to UID in raw information: sub

Salesforce

Salesforce provides customer relationship management (CRM) service and also sells a complementary suite of enterprise applications focused on customer service, marketing automation, analytics, and application development.

We are offering a “Generic OpenID Connect Provider” which can be used for the integration.

  • Authentication type: External OAuth2 Provider
  • OAuth Provider: OpenID Connect
  • Client ID: $your-client-id
  • Client Secret: $your-client-secret
  • Site URL: https://$your-domain.$tld.force.com/
  • Path of raw information: f.e. id
  • Scope: id,openid

And finally, please disable the option: Send the scope parameter to OpenID token endpoint?.

Microsoft Azure Active Directory

Microsoft provides a cloud hosted Active Directory running on Azure. We are supporting authentication towards this Active Directory. Please be aware that this is not working with self-hosted Active Diretory installations.

We are offering an “Azure Active Directory Provider” which can be used for the integration. Before you can set up everything, you need to create a new application in your Active Directory.

  • Register a new application
  • Enter a Name
  • Specify who should be able to use the application (“Single tenant” is recommended)
  • Redirect URI use “Web” and “https://$your-name.sensorberg.com/auth/azure_activedirectory/callback” as URL
  • Store “Application (client) ID” and “Directory (tenant) ID” from the overview page for later
  • Under “Authentication”
    • Enable “Access tokens” and “ID tokens” under “Implicit grant and hybrid flows”
    • Enable “Allow public client flows” under “Advanced settings”
  • Under “Certificates & secrets”
    • Create a new client secret under “Client secrets”
    • Store the “value” of the client secret for later reference
  • Under “API permissions”
    • Add “email”, “openid” and “profile” from the “Microsoft Graph” API (as delegated permissions) to be accessable by this application
    • Please ensure, that you also “Grant admin concent” for those API permissions

In your Smart Space backend, please enter the following settings:

  • Authentication type: External OAuth2 Provider
  • OAuth Provider: Azure Active Directory
  • Client ID: Application (client) ID (visible on the overview page of the previously generated application)
  • Client Secret: Value of the client secret (the value of the secret you generated during the setup process of your application)
  • Site URL: https://login.microsoftonline.com/$tenant_id ($tenant_id can be found on the overview page of the previously generated application)