Introduction
To configure your platform to allow SSO via APIs, you must install the API and SSO app from the Apps & Features area. This app allows you to obtain the access codes to call APIs from your platform.
Activating the API and SSO app in Docebo
Activate the API and SSO app as described in the Managing Apps & Features article of the Knowledge Base. The app is listed in the Docebo Additional Features tab.
Accessing the API and SSO app in Docebo
Begin by logging into your platform as the Superadmin, then access the Admin Menu from the gear icon in the top right corner. In the Admin Menu, find the API and SSO section, then press the Manage subitem to reach the Settings page. On the settings page, you will see three tabs: SSO, API Credentials, and Legacy API.
SSO tab
This tab allows you to enable the SSO option, which lets you use a specific URL to authenticate users from a third-party system in Docebo using APIs. Begin by enabling SSO using the corresponding checkbox in the first section. Then, in the next section, insert a unique secret in the SSO field (for example: !"amenita19!").
You can also flag the option to force a non-logged-in user to an external URL. If you flag this option, the user must log in on another webpage before they can access the platform. When this option is flagged, type the External SSO URL to which you will force the non-logged-in users. Remember to include the URL protocol when defining the External SSO URLs (for example, http://www.doceboexample.com).
When you're finished, press Save Changes, then move on to the next tab, API Credentials.
API Credentials tab
Your platform comes with a full-fledged OAuth 2.0 server, meaning that you can easily integrate your platform with the most modern cloud applications by using our RESTful APIs and OAuth2. Although you can still use our legacy authentication method, we strongly recommend updating your clients to OAuth2.
OAuth is an open standard for authorization which provides client applications with a "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.
Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The client then uses the access token to access the protected resources hosted by the resource server. OAuth is commonly used as a way for Internet users to log in to third-party websites using their Microsoft, Google, Facebook or X (formerly Twitter) accounts without exposing their password. [Source: Wikipedia Article on OAuth].
Create an app by selecting the Add OAuth2 App button in the API Credentials tab. Give a name and description to the new app, then upload an icon that will represent the app. Then, insert the Client ID by creating a name for your app, which will also be the ID. The Client secret will be automatically generated by the system. Finally, insert the Redirect URL, which is the address where the browser will return after successful authorization. Be sure to double-check the grant types.
Click Show Advanced Settings to access the app advanced configuration. For further information on how to configure these options, please see the article on APIs Authentication. When you're finished, press Confirm.
Repeat the process for every system that you want to integrate with your platform. You will then see the newly created apps in the list of apps in this tab.
To activate the app, press the checkmark in the app's row, switching the checkmark from grey (not active) to green (active). You can edit or delete the app using the corresponding icons in the app's row.
When a user wants to log in to the third-party software using their Docebo credentials, the system will then ask for authorization.
OAuth2 endpoints
In order to properly set up your OAuth2 client application, you will need to specify the Client ID and Client Secret, as well as the correct OAuth2 endpoints. OAuth2 endpoints are the URLs you use to make OAuth authentication requests to Docebo. The primary OAuth endpoints are:
- For authorization: http(s):///oauth2/authorize
- For token requests: http(s):///oauth2/token
To learn more about the details regarding grant flows and the usage of endpoints, please refer to the Official OAuth2 standard page.
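The following sketch is an added example, not Docebo's own code: it shows a client building the request to the authorization endpoint, validating the redirect back against the registered Redirect URL and a per-session state value, and preparing the form for the token endpoint. The host, client ID and redirect URL are placeholders, and the parameter names are the standard RFC 6749 authorization code parameters.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumptions (not from the article): placeholder host, client ID and redirect URL.
BASE = "https://yoursubdomain.docebosaas.com"
AUTHORIZE_URL = BASE + "/oauth2/authorize"  # endpoint path from the article
TOKEN_URL = BASE + "/oauth2/token"          # endpoint path from the article
CLIENT_ID = "example-client"
REDIRECT_URI = "https://app.example.com/oauth/callback"


def build_authorization_url(state):
    """URL the user's browser is sent to for the authorization code grant."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,  # e.g. secrets.token_urlsafe(32), kept in the session
    })
    return f"{AUTHORIZE_URL}?{query}"


def parse_callback(callback_url, expected_state):
    """Validate the redirect from the authorization server; return the code."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered Redirect URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response was not started by this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def token_request_form(code, client_secret):
    """Form body to POST to TOKEN_URL from the server side, never the browser."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    }
```

The client secret stays on the integrating server; only the authorization URL and the callback pass through the user's browser.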
Finally, move on to the Legacy API Authentication tab.
Legacy API authentication
The third tab is for those still wanting to use their Legacy API authentication, although we do not recommend this route. Simply flag the option to enable this authentication.
The API Key and API secret will then be automatically generated by the platform. These parameters are used to connect to the APIs listed in the api-browser, which can be accessed by visiting (substitute yoursubdomain for your platform's subdomain):
https://<yoursubdomain.docebosaas.com>/api-browser/