Versions Compared

Old Version 19

changes.mady.by.user Unknown User (bimminger)

Saved on

compared with

New Version 20

changes.mady.by.user Unknown User (gierlinger)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Open the Settings > Organization page and add a new OAuth 2.0 provider. Enter the LinkedIn credentials as below (see LinkedIn documentation for current configuration!). The Identifier is your unique identifier for using with API. The ressources URIs are called for data, which will be stored in the audit-log.

Client ID:your Linked Client ID
Client Secret:your LinkedIn Client Secret
Scope:r_basicprofile r_emailaddress
Authorization URI:https://www.linkedin.com/oauth/v2/authorization
Token URI:https://www.linkedin.com/oauth/v2/accessToken
Logout URI:https://www.linkedin.com
Ressource Parameter:oauth2_access_token
Ressource URI:https://api.linkedin.com/v1/people/~:(id,firstName,lastName,headline,email-address)?format=json

Ressources

LinkedIn and OAuth2: https://developer.linkedin.com/docs/oauth2

Authenticate with Facebook

...

Open the Settings > Organization page and add a new OAuth 2.0 provider. Enter the Facebook credentials as below (see Facebook documentation for current configuration!). The Identifier is your unique identifier for using with API. The ressources URIs are called for data, which will be stored in the audit-log (see Facebook documentation).

Client ID:your Facebook App ID
Client Secret:your Facebook App Secret
Scope:public_profile email user_about_me
Authorization URI:https://www.facebook.com/v2.8/dialog/oauth
Token URI:https://graph.facebook.com/v2.8/oauth/access_token
Logout URI:http://facebook.com
Ressource Parameter:oauth_token
Ressource URI:https://graph.facebook.com/v2.5/me?fields=id,name,first_name,middle_name,last_name,email,birthday

The configured Ressource URI returns a JSON object with the specified parameter. These parameters can be defined in the fields to force a specific LinkedIn user to authenticate (e.g. email address). HINT: to see what data is returned in the Ressource URI send yourself an envelope and have a look in the audit trail. It contains the returned object with its parameter. Note: Parameter in Ressource URI of LinkedIn is not the same in the result (email vs. emailAddress).

...

Open the Settings > Identity Providers page and add a new OAuth 2.0 provider. Enter the eSAW app credentials as below.

Client ID:your
Linked
linked Client ID
Client Secret:your
LinkedIn
linked Client Secret
Scope:
Authorization URI:https://<your-instance-url>/Auth/Authorize
Token URI:https://<your-instance-url>/ApiToken/Retrieve
Logout URI:
Ressource Parameter:oauth_token
Ressource URI:https://<your-instance-url>/api/v5/user/me?fields=Email


The Ressource URI allows to define a validation rule, to ensure that the recipient himself performs the login (and not just any  account on that instance).
Therefore, configure a validation rule of the value "Email" (returned from the resource uri) against the recipient's email address. The resource Uri returns a JSON object with the specified parameter. These parameters can be defined in the fields to force a specific eSAW user to authenticate (e.g. email address).

...

  1. Login to eSignAnyWhere with a user that has administrative permissions on your Organization.
  2. Open the Settings > Identity Providers page and add new OAuth Settings for Signer Authentication.
Provider NameThis name will be displayed in the Authentication dialog in SignAnyWhere Viewer, so make sure it identifies your organization.
e.g.: Video Ident with LiveId+
Redirect UrlThis is already set and has to be white listed on LIP OAuthWrapper. We already provided this URL in the request in Step 2.

Client Id

your "Application (client) ID" from Step 2
Client Secret:your secret's value from Step 2
Scope:
Authorization URI:https://<your-esaw-instance>/OAuthWrapperLiveIdPlus/api/authorize
Token URI:

https://<your-esaw-instance>/OAuthWrapperLiveIdPlus/api/getToken

Logout URI:can be blank
JWKS URI:
https://<your-esaw-instance>/OAuthWrapperLiveIdPlus/Jwk/getJwks
Issuer:

https://<your-esaw-instance>/OAuthWrapperLiveIdPlus

On-Off Sliders:

Image Modified


And then configure the following field mappings:

Field property pathValidate/UpdateData Field
firstnameUpdateRecipient First Name
lastnameUpdateRecipient Last Name
identificationTypeUpdateDisposable Certificate identification type
recognitionTypeUpdateDisposable Certificate document type
identificationNumberUpdateDisposable Certificate identification number
phoneUpdateDisposable Certificate phone number
mailValidateRecipient Email
documentIssuingCountryUpdateDisposable Certificate document issuing country
documentIssuingOrganisationUpdateDisposable Certificate document issued by
documentNumberUpdateDisposable Certificate document number
documentIdentificationCountryUpdateDisposable Certificate identification country
documentIssueDateUpdateDisposable Certificate document issued on
documentExpireDateUpdateDisposable Certificate document expiry date

(if you want to disallow proceeding with data corrected by the video identification agent, change additional mappings from "Update" to "Validate". But note that e.g. small deviations in the name might then disallow to proceed)

...

  1. Login to eSignAnyWhere with a user that has administrative permissions on your Organization.
  2. Open the Settings > Identity Providers page and add new OAuth Settings for User Authentication.
Provider NameIf "Share on login page" is enabled, this name will be displayed on the login page, so make sure it identifies your organization.
e.g.: Azure AD for <Organization name>
Direct access urlIf "Share on login page" is disabled, this link is needed to login to eSignAnyWhere with OAuth 2.0.
Make sure you bookmark this link.
Redirect UrlThis is already set and has to be white listed on Azure AD. We already entered this URL in Step 2, make sure it is the correct URL.

Client Id

your "Application (client) ID" from Step 1
Client Secret:your secret's value from Step 3
Scope:openid email
Authorization URI:your authorization_endpoint from Step 4 or simply
https://login.microsoftonline.com/<Directory (tenant) ID>/oauth2/v2.0/authorize
Token URI:your token_endpoint from Step 4 or simply
https://login.microsoftonline.com/<Directory (tenant) ID>/oauth2/v2.0/token
Logout URI:can be blank
Share on login pageDepending on the server settings this property might not be visible to you. If enabled your provider name will show up on the login page.
Ressource Parameter:oauth2_access_token
Ressource URI:

your userinfo_endpoint from Step 4 or simply

https://graph.microsoft.com/oidc/userinfo (oauth_token)

Click on "Add field" and enter "email" and map it to "User Email Address"

  1. Click on Update to save the configuration
  2. Click on the slider to enable the OAuth provider

...

  1. Login to eSignAnyWhere with a user that has administrative permissions on your Organization.
  2. Open the Settings > Identity Providers page and add new OAuth Settings for User Authentication.
Provider NameIf "Share on login page" is enabled, this name will be displayed on the login page, so make sure it identifies your organization.
e.g.: MyNamirial for <Organization name>
Direct access urlIf "Share on login page" is disabled, this link is needed to login to eSignAnyWhere with OAuth 2.0.
Make sure you bookmark this link.
Redirect UrlThis is already set and has to be white listed on MyNamirial. We already provided this URL in the request in Step 1.

Client Id

your "Application (client) ID" from Step 1
Client Secret:your secret's value from Step 1
Scope:openid email
Authorization URI:your authorization_endpoint from Step 2 or simply (for production instance of MyNamirial)
https://auth.namirial.app/realms/namirial/protocol/openid-connect/auth
Token URI:your token_endpoint from Step 2 or simply (for production instance of MyNamirial)
https://auth.namirial.app/realms/namirial/protocol/openid-connect/token
Logout URI:(Optional - can be blank)
your end_session from Step 2 or simply (for production instance of MyNamirial)
https://auth.namirial.app/realms/namirial/protocol/openid-connect/logout
Share on login pageDepending on the server settings this property might not be visible to you. If enabled your provider name will show up on the login page.
JWKS URI:
your jwks_uri from Step 2 or simply (for production instance of MyNamirial)
https://auth.namirial.app/realms/namirial/protocol/openid-connect/certs
Issuer:

your issuer from Step 2 or simply (for production instance of MyNamirial)

https://auth.namirial.app/realms/namirial
On-Off Sliders:

Image Modified

Field Mappings:Click on "Add field" and enter "email". Select rule "Validate" and map it to "User Email Address"
  1. Click on Update to save the configuration
  2. Click on the slider to enable the OAuth provider

...