Lines of code | 246 |
Technical Name |
s2u_oauth2 |
License | OPL-1 |
Website | https://www.solutions2use.com |
Also available in version | v 14.0 |
Lines of code | 246 |
Technical Name |
s2u_oauth2 |
License | OPL-1 |
Website | https://www.solutions2use.com |
Also available in version | v 14.0 |
Microsoft Azure SSO Oauth2
Let users login via Office 365 / Azure AD
Single Sign On in Odoo with the same account as your office 365 / Azure AD Account.
21-01-2021 - Fix:Portal users are redirected to /my/home after login and not /web.
20-01-2021 - Fix:Currently it modifies the user's password whenever the user is signed in with MS account, with this fix the original password is restored. This way the user can login with his normal Odoo credentials.
04-01-2021 - Update:If you want to automatically create a non-existing user based on the data of an existing user, give s2u_msaccount the id of the existing user. If you use the value "True", a default user is created, otherwise a user with the rights like the existing user.
15-04-2020 - Update: if Odoo users not exist, you can let them create automaticaly by setting systemparameter: s2u_msaccount with the value True of true.
Please be sure that when creating your App in Azure: "Accounts in this organization directory only (Company name - Single tenant)" is selected. Otherwise other MS users can also create a Odoo account in your Application.
Screenshots
Login
After logging into Azure Portal go to Active directory
Select "App registrations"

Register new application

Fill in application details
For this example Odoo is running localy. So in this case we fill in:
Odoo 13 - test
And at Redirect URI:
http://localhost:8071/auth_oauth/microsoft

Filled in example

When App Registration is done, in the overview copy the "Application (client) ID". This we need in Odoo

To gain access, we need a secret key. go to "Certificates & Secrects" and select "New client secret"

Fillin a description and select expire time.

Filled example

After created secret key, store the value of this key. We need this in Odoo

Give user permissions to view own data.
All this is done via the Microsoft Graph Api. Microsoft Graph documentation
Select Microsoft Graph:

Choose Delegated permissions:

Search for user.read in the search bar and check User.Read.All

Grant admin consent for the company:

Odoo setting after installing the app:

Odoo setting after installing the app:

Create a new connection if Microsoft not exists. Or edit it.

After installing the app and the settings are done. Go to the site:

login with you microsoft account:

give permisions to Odoo to read your profile:

Don't forget to logout, Your Mircosoft session is stil active when you don't log in to Odoo:

Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module
Report comment
Any abuse of this reporting system will be penalizedThere are no ratings yet!
ok I thought this was contacting you directly. What you said was not clear to be so I was trying to clarify before I purchased it. Sorry to bother you with questions.
hello?
Re:
Hello Ted,
I already explained how the module works. If you need modifications please contact us directly.
regards,
Bas
You said this. . "To make this work the UserPrincipalName (UPN) is taken to match within Odoo."
With most users the upn is the portion of their email that comes before the @. They would be signing in with their email. That is not enough though we would need a upn field in Odoo your saying? I am just trying to duplicate what we already do with Google with O365. I set it up as mycompany.com and allow login for Google. We send a password reset to the user and instruct them to click the login with Google link to change password and it works great. There is really no way to make this simple with my customers that use O365 too?
But assuming they are a web portal user already? Let's say my domain and my tennant is unifiedconcepts.com. I have Odoo customers that we give portal rights to from many different companies. Some have O365 for their email etc. (all different domains and tenants) If I enable portal rights and send them a password reset will they be able to link and log in with their companies email and password?
Re:
Hello Ted,
correct, when a user already exists within Odoo, this user settings will be taken. To make this work the UserPrincipalName (UPN) is taken to match within Odoo. If you are able to import all those UPN's, your users can login into Odoo.
Please note that the user explicit has to tell Odoo he want's to login with his Microsoft login (see screenshots in description), meaning a password reset is not working. A user can still login on the normal way.
Hope this helps.
regards,
Bas
Question on this
If we have an Azure account for our company and we want to enable SSO for our customers to log into our web portal with their companies AD account will this accomplish that?
Re: Question on this
Hello Ted,
Not by default. You need to modify something on the part when user is not available in Odoo, the module will create the user with default settings in Odoo. This part needs to be changed in a way that user becomes portal user.