To switch to IDaaS-Generic mode, Morro needs to obtain an access token from the authorization server of your IDaaS Provider using the Password grant type, so you must ensure that your IDaaS Provider supports the Password grant type.

  • The general way is to find the value "grant_types_supported" on the IDaaS Provider's Metadata Address page. (The URL looks like https://{oauth-provider-hostname}/.well-known/openid-configuration . It is recommended to use the Firefox browser to open it.) The Metadata Address page shows the Authorization Server Metadata spec (also known as OAuth Discovery), which defines a format for clients to use to look up the information needed to interact with a particular OAuth server.
  • The grant type is not always displayed on the Metadata Address page; this depends on the IDaaS provider. (For example, "Auth0" doesn't list grant types on its Metadata Address page.)

In this document, we use the IDaaS Providers "Auth0", "Okta" and "Google" as examples, to introduce the general way to configure your own IDaaS Provider for use with Morro Data:

  1. Log in to your IDaaS Provider account. Find the "Application" page in your IDaaS Provider, and create an OIDC application. Choose the application type "Web".
    For example, to create an application in the IDaaS Provider "Auth0":
    Select the "Regular Web Applications" option, and click the "Create" button.
  2. Check if the Password grant type is supported. Generally, you can check it from the Metadata Address. (Here are examples of "Okta" and "Google". )
    Open the URL of the Metadata Address in the browser and check the parameter "grant_types_supported":
    [1] For "Okta", the Password grant type is supported.
    [2] For "Google", the Password grant type is not supported. So Morro IDaaS-Generic mode is not supported for "Google".
    If the grant type is not shown on the Metadata Address page, you can check the related settings in your newly created application, or refer to the help documents of your IDaaS Provider. For example, in Auth0, click the newly created application, go to "Settings" -> "Advanced Settings" -> "Grant Types", select "password" and save.
    NOTE: If there is no Password grant type on the Metadata Address page, the application's settings page, or any other setting, this IDaaS Provider is not supported for Morro IDaaS-Generic mode.
  3. After ensuring that your IDaaS Provider is supported for Morro, set the "redirect URLs" of the newly created application to "https://oauth.morrodata.com/redirect". (Use "Okta" and "Auth0" as examples.)
    [1] For "Okta", select the newly created application and click "General":
    Edit in "General Settings" -> "LOGIN" -> "Sign-in redirect URIs", input Morro's redirect URL and save.
    [2] For "Auth0", select the newly created application and click the "Settings" page: Add Morro's Redirect URL in "Application URL" -> "Allowed Callback URLs", and save.
  4. After finishing the configuration in step 3, get and save the Client Info of the newly created application: (Use IDaaS Provider "Auth0" as an example)
    [1] Click "Settings", save "Client ID" and "Client Secret":
    [2] Click "Settings" -> "Advanced Settings" -> "Endpoints", save the Metadata Address from "Open ID Configuration": 
  5. Go to the MCM -> Team -> Authentication page. Enter the name of your IDaaS Provider and the Metadata Address, Client ID and Client Secret that you saved in the previous step.
  6. In the Credential field, enter an available username and password from your IDaaS Provider. Then click the button "Switch To This Mode" to switch into IDaaS-Generic mode.
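
The grant-type check described in the Metadata Address bullets and in step 2 can be scripted, as in this added example (not Morro's or any provider's code). It assumes Python 3; the function names, the three result labels and the sample documents are constructed for illustration.

```python
import json
import sys
import urllib.request

PASSWORD_GRANT = "password"


def metadata_url(hostname):
    """Build the Metadata Address in the form given on this page."""
    return f"https://{hostname}/.well-known/openid-configuration"


def password_grant_status(metadata):
    """Return 'supported', 'not_supported' or 'not_advertised'."""
    grants = metadata.get("grant_types_supported")
    if grants is None:
        # Field absent (the Auth0 case above): the discovery page cannot
        # answer, so check the application's grant type settings instead.
        return "not_advertised"
    if not isinstance(grants, list):
        raise ValueError("grant_types_supported must be a JSON array")
    return "supported" if PASSWORD_GRANT in grants else "not_supported"


# Constructed sample documents, not real provider responses.
SAMPLES = {
    "lists-password": json.loads("""{
        "issuer": "https://idp.example.com",
        "token_endpoint": "https://idp.example.com/oauth2/token",
        "grant_types_supported": ["authorization_code", "refresh_token", "password"]
    }"""),
    "omits-password": json.loads("""{
        "issuer": "https://idp.example.org",
        "grant_types_supported": ["authorization_code", "refresh_token"]
    }"""),
    "no-field": json.loads('{"issuer": "https://idp.example.net"}'),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live check: pass the provider hostname as the only argument.
        with urllib.request.urlopen(metadata_url(sys.argv[1]), timeout=10) as resp:
            docs = {sys.argv[1]: json.load(resp)}
    else:
        docs = SAMPLES
    for name, doc in docs.items():
        print(f"{name}: {password_grant_status(doc)}")
```

A result of "not_advertised" is not a refusal: it corresponds to the case where the grant type has to be confirmed in the application's settings or the provider's documentation.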