Microsoft Azure SSO OAuth2

by
Odoo

46.75

v 13.0 Third Party 31
Lines of code 246
Technical Name s2u_oauth2
License OPL-1
Website https://www.solutions2use.com
Also available in version v 14.0

Microsoft Azure SSO Oauth2

Let users login via Office 365 / Azure AD

Single sign-on in Odoo with the same account as your Office 365 / Azure AD account.

21-01-2021 - Fix: Portal users are redirected to /my/home after login and not to /web.

20-01-2021 - Fix: The module modified the user's password whenever the user signed in with an MS account; with this fix the original password is restored. This way the user can still log in with their normal Odoo credentials.

04-01-2021 - Update: If you want to automatically create a non-existing user based on the data of an existing user, give s2u_msaccount the id of the existing user. If you use the value "True", a default user is created; otherwise a user is created with the same rights as the existing user.

15-04-2020 - Update: If an Odoo user does not exist, you can have it created automatically by setting the system parameter s2u_msaccount to the value True or true.

When creating your App in Azure, make sure that "Accounts in this organization directory only (Company name - Single tenant)" is selected. Otherwise other MS users can also create an Odoo account in your Application.
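The single-tenant setting and the s2u_msaccount auto-create parameter interact: if sign-ins from other tenants are accepted while auto-create is on, outsiders get Odoo accounts. The sketch below is an added example, not the module's own code; the function names, the placeholder tenant and client IDs, and the idea of checking the `tid`, `iss` and `aud` claims of an already signature-verified v2.0 ID token before matching the UPN are assumptions.

```python
# Added illustration; not the s2u_oauth2 module's code.
# Tenant and client ids below are constructed placeholders.
HOME_TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def tenant_ok(claims, tenant=HOME_TENANT, client_id=CLIENT_ID):
    """Check tid, iss and aud on claims from a signature-verified v2.0 token."""
    issuer = "https://login.microsoftonline.com/%s/v2.0" % tenant
    return (claims.get("tid") == tenant
            and claims.get("iss") == issuer
            and claims.get("aud") == client_id)


def parse_s2u_msaccount(value):
    """Read s2u_msaccount as the page describes: True/true or a user id."""
    text = (value or "").strip()
    if text in ("True", "true"):
        return ("create_default", None)
    if text.isdigit():
        return ("create_like", int(text))
    return ("no_create", None)


def decide(claims, upn, known_logins, s2u_msaccount):
    """Return (action, template_user_id) for one Microsoft sign-in."""
    if not tenant_ok(claims) or not upn:
        return ("reject", None)          # foreign tenant or no UPN to match
    if upn.strip().lower() in known_logins:
        return ("login", None)           # existing Odoo user, matched on UPN
    mode, template_id = parse_s2u_msaccount(s2u_msaccount)
    if mode == "no_create":
        return ("reject", None)          # unknown user, auto-create is off
    return (mode, template_id)


def sample_claims(tid):
    """Constructed claims for a token issued by tenant `tid`."""
    return {"tid": tid, "aud": CLIENT_ID,
            "iss": "https://login.microsoftonline.com/%s/v2.0" % tid}


if __name__ == "__main__":
    logins = {"alice@example.com"}
    foreign = "99999999-8888-7777-6666-555555555555"
    print(decide(sample_claims(HOME_TENANT), "alice@example.com", logins, ""))
    print(decide(sample_claims(HOME_TENANT), "bob@example.com", logins, "True"))
    print(decide(sample_claims(HOME_TENANT), "bob@example.com", logins, "7"))
    print(decide(sample_claims(foreign), "eve@example.org", logins, "True"))
```

With the tenant check in place, the last call is rejected even though auto-create is enabled; without it, that sign-in would reach the create-user branch.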

Screenshots

Login

After logging in to the Azure Portal, go to Active Directory

Select "App registrations"

Register new application

Fill in application details

For this example Odoo is running locally, so in this case we fill in:
Odoo 13 - test
And at Redirect URI:
http://localhost:8071/auth_oauth/microsoft

Filled in example

When the app registration is done, copy the "Application (client) ID" from the overview. We need this in Odoo.

To gain access, we need a secret key. Go to "Certificates & Secrets" and select "New client secret".

Fill in a description and select an expiry time.

Filled example

After creating the secret key, store the value of this key. We need this in Odoo.

Give user permissions to view own data.

All this is done via the Microsoft Graph API (see the Microsoft Graph documentation).

Select Microsoft Graph:

Choose Delegated permissions:

Search for user.read in the search bar and check User.Read.All

Grant admin consent for the company:

Odoo setting after installing the app:

Create a new connection if a Microsoft one does not exist, or edit the existing one.

After the app is installed and the settings are done, go to the site:

Log in with your Microsoft account:

Give Odoo permission to read your profile:

Don't forget to log out; your Microsoft session is still active when you don't log in to Odoo:

Odoo Proprietary License v1.0
This software and associated files (the "Software") may only be used (executed,
modified, executed after modifications) if you have purchased a valid license
from the authors, typically via Odoo Apps, or if you have received a written
agreement from the authors of the Software (see the COPYRIGHT file).
You may develop Odoo modules that use the Software as a library (typically
by depending on it, importing it and using its resources), but without copying
any source code or material from the Software. You may distribute those
modules under the license of your choice, provided that this license is
compatible with the terms of the Odoo Proprietary License (For example:
LGPL, MIT, or proprietary licenses similar to this one).
It is forbidden to publish, distribute, sublicense, or sell copies of the Software
or modified copies of the Software.
The above copyright notice and this permission notice must be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

by
Ted Lemmy
on 12/4/20, 12:14 PM Confirmed Purchase

OK, I thought this was contacting you directly. What you said was not clear to me so I was trying to clarify before I purchased it. Sorry to bother you with questions.


by
Ted Lemmy
on 12/2/20, 4:52 PM Confirmed Purchase

hello?

Re:
by
Bas Ubbels
on 12/3/20, 2:45 AM Author

Hello Ted,

I already explained how the module works. If you need modifications please contact us directly.

regards,

Bas


by
Ted Lemmy
on 11/24/20, 11:44 AM Confirmed Purchase

You said this: "To make this work the UserPrincipalName (UPN) is taken to match within Odoo."

With most users the UPN is the portion of their email that comes before the @. They would be signing in with their email. That is not enough though, we would need a UPN field in Odoo, you're saying? I am just trying to duplicate what we already do with Google with O365. I set it up as mycompany.com and allow login for Google. We send a password reset to the user and instruct them to click the login with Google link to change password and it works great. There is really no way to make this simple with my customers that use O365 too?


by
Ted Lemmy
on 11/23/20, 10:21 AM Confirmed Purchase

But assuming they are a web portal user already? Let's say my domain and my tenant is unifiedconcepts.com. I have Odoo customers that we give portal rights to from many different companies. Some have O365 for their email etc. (all different domains and tenants). If I enable portal rights and send them a password reset, will they be able to link and log in with their company's email and password?

Re:
by
Bas Ubbels
on 11/23/20, 11:37 PM Author

Hello Ted,

Correct, when a user already exists within Odoo, this user's settings will be taken. To make this work the UserPrincipalName (UPN) is taken to match within Odoo. If you are able to import all those UPNs, your users can log in to Odoo.

Please note that the user explicitly has to tell Odoo he wants to log in with his Microsoft login (see screenshots in description), meaning a password reset is not working. A user can still log in the normal way.

Hope this helps.

regards,

Bas


Question on this
by
Ted Lemmy
on 11/9/20, 8:31 PM Confirmed Purchase

If we have an Azure account for our company and we want to enable SSO for our customers to log into our web portal with their company's AD account, will this accomplish that?

Re: Question on this
by
Bas Ubbels
on 11/10/20, 2:49 AM Author

Hello Ted,

Not by default. You need to modify the part where, when the user is not available in Odoo, the module creates the user with default settings in Odoo. This part needs to be changed in a way that the user becomes a portal user.