Start a conversation Sign in
Start a conversation
  1. Influitive Support
  2. Influitive - Security and Privacy
  3. Articles

OAuth 2 Overview

Overview

The article provides a comprehensive guide on integrating OAuth 2 authentication in AdvocateHub, detailing the Single Sign-On and Dual Login flows, compatibility with join URLs/codes, and the process of inviting nominees and advocates. It addresses potential issues with existing users during the transition to OAuth 2 and offers strategies for a smooth changeover, including proactive measures to prevent account duplication. Additionally, it explains how to set terms and conditions and how the AdvocateHub app supports OAuth 2 for mobile access.

 

Information

 

What does the flow look like from the Advocate point of view?

Using OAuth 2 Single Sign On

The flow for the advocate is as follows:
  1. Navigate to the AdvocateHub URL
  2. They will be immediately be redirected to the login screen you have configured as your login point for your Advocates
  3. Advocate enters the AdvocateHub

Note: If an advocate is already a member of another AdvocateHub with the same email address then there is one additional step in the flow. After they successfully enter their credentials into the customer portal, they will see a message like below:

An email will be sent to the Advocate which will include a link which they just have to click on and they will be brought back to the login screen to enter their credentials once more before gaining access to the AdvocateHub.

Here is a visual walkthrough of the flow the Advocate will experience:


Using OAuth Dual Login

The flow for the advocate is as follows:

  1. Navigate to the AdvocateHub URL
  2. They will be brought to the AdvocateHub Sign In page. They will be greeted with the opportunity to login through the Single Sign-On or click Click here to Sign In to reveal the regular login form where they can enter their email & password and access the Advocatehub:

 

Do Join URL/Codes work with OAuth 2?

Yes. You can use these exactly as you would normally expect with the AdvocateHub. 

 

How do invites work with OAuth 2?

Important Note about Nominees and SSO

If you have a Nominee in your AdvocateHub and then this user tries to sign up to the AdvocateHub using a join URL or by navigating directly to the AdvocateHub they will experience permissions issues. Currently, the only way to 'upgrade' a Nominee to an Advocate is by sending them an invite directly from AdvocateHub, they will then need to click the link contained in the invitation to gain access to the AdvocateHub as an Advocate.

To study some other options on how you can segment your Advocates check out this article .

 

Things to think about if implementing OAuth 2 on an active Hub

If your hub is already up and running and has many Advocates already joined up this could cause some issues if you choose to enable OAuth Single Sign-On, these obstacles can be overcome with some preparation and thought.
Let's take this example, if I have signed up to your AdvocateHub using the email address sean@gmail.com but the email address I use to sign in to your product or portal is sean@influitive.com.

In this case I try to access the hub and am directed to your product or platform to complete the login process. I enter sean@influitive.com and my password and enter the hub successfully but now I will have a brand new account setup as the AdvocateHub did not have an email address sean@influitive.com present, it was looking for sean@gmail.com.

 

What can you do to prepare for this?

We recommend coming up with a strategy of sending communications to your Advocates notifying them of this changeover and letting them know they have to update their email address to match whatever email address they use to access your product or platform. You can do this through email blasts or with a challenge or a combination ideally to try and catch as many people as possible. If Advocate's fall through the cracks we can fix this up for you by merging the duplicate accounts including points and badges but this may take some time to do.
Another method you could use to preempt this issue is to gather all the email addresses of your Advocates in the AdvocateHub and then check them against the email addresses in your database. If there is no match for an email address then you can create an account in your database with this email address. This way the person can continue to use the email address they have been using in the AdvocateHub and no duplicate Advocate accounts will be created.
 

Can I have some Advocates use OAuth 2 SSO but others to use the traditional method of login?

Yes. With OAuth 2 you can choose to enable Dual Sign-On, this allows your Advocates to choose whether to login through Single Sign-On or using the traditional email/password method. This may be helpful if you have Employees and Customers in your program and you would like your employees to use Single Sign into login but your customer to use their email and password.

This is what will greet the Advocate when they navigate to your AdvocateHub if you have Dual Sign-On enabled:

In order to find out how you can switch between Single Sign-On and Dual Sign On have a look at our Configuring OAuth 2 article.

 

Where are the 'Terms and Conditions' housed when using OAuth 2?

You can set the Terms & Conditions under Settings > Advocate Program > Sign-In. Simply enter your desired Terms & Conditions and toggle 'on'.

 

Using OAuth 2 Single Sign-On
If it is important for you to present advocates with your terms and conditions prior to them logging into the AdvocateHub then you can do this easily:
You can set the Terms & Conditions under Settings > Advocate Program > Advocate Consent . Read more on how to configure this page
Once you have this configured, save it and navigate to your AdvocateHub URL where you should be directed to your IdP where you can enter your credentials. Upon successfully entering your credentials you will be brought to the hub Terms & Condition / Consent page. After you agree to conditions and you will be brought into the AdvocateHub
 
Using OAuth Dual Login
This works as it normally would in an AdvocateHub without OAuth enabled. You can read more on how this works here .

How does the AdvocateHub app work with OAuth 2?

The process is as seamless on the AdvocateHub app as it is on your desktop. Let us have a look at the flow when logging in to an SSO enabled AdvocateHub;
1. Opening the AdvocateHub app, you will be greeted with a screen like below. The advocate can hit any of the social sign-in buttons in order to access the AdvocateHub as long as they have associated any of them previously with their advocate profile. They will be instantly brought to a list of the AdvocateHubs they have access to. The advocate can also enter the email address associated with their AdvocateHub account and hit Continue which will take them to another screen before they can see their list of AdvocateHubs.

2. If the advocate has no social authentications tied to their account and have entered their email address then they should see this option below, here they will have to send a sign in link to their email address. They should instantly receive an email with a link that they will need to follow.

3. Once they follow the link they receive they will be brought back into the AdvocateHub app and will see a list of the AdvocateHubs they have access to.
4. Finally, they click on the AdvocateHub they want to enter and voilá!

 

FAQ

Can join URLs/codes be used with OAuth 2 in AdvocateHub?

Yes, join URLs/codes are fully compatible with OAuth 2 as implemented in AdvocateHub.

How can I ensure a smooth transition to OAuth 2 SSO for existing users in an active hub?

To ensure a smooth transition, communicate the changes to your Advocates and encourage them to update their email addresses. Proactively cross-reference email addresses and create accounts to prevent duplication, and consider merging accounts if necessary.

Is it possible to have some advocates use OAuth 2 SSO and others use traditional login methods?

Yes, OAuth 2 enables Dual Sign-On, allowing advocates to choose between Single Sign-On or traditional email/password methods.

How do I set Terms & Conditions for my Advocate Program when using OAuth 2 SSO?

Set the Terms & Conditions under Settings > Advocate Program > Advocate Consent, and ensure the toggle is set to 'on'. Advocates will see the Terms & Conditions after authenticating with their Identity Provider and must agree to them before accessing the AdvocateHub.

Does the AdvocateHub app support OAuth 2 for mobile access?

Yes, the AdvocateHub app provides a seamless login experience with OAuth 2, similar to desktop access, ensuring easy mobile entry for advocates.

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments