LibAuth: Adding a new Microsoft OAuth 2 configuration

Getting there

To create and manage your LibAuth profiles, go to LibApps > Admin > LibAuth Authentication.

LibApps admin-level users can access LibAuth settings via the LibApps dashboard, under Admin > LibAuth Authentication.

Before you begin

Before setting up your new Microsoft OAuth 2 configuration, please carefully review the following sections with your IT staff.

Permissions

  • We support the Access Code grant type for user logins.
  • When configuring your Microsoft OAuth 2 application and setting the authorized redirect URL, use the following URL for your region:
    • European region: https://eu.libauth.com/login/oauth2
    • Canadian region: https://ca.libauth.com/login/oauth2
    • Australian region: https://au.libauth.com/login/oauth2
    • All other customers: https://libauth.com/login/oauth2

Server Information & Parameters

  • Obtain the Client Identifier and Client Secret from the OAuth 2 application you've set up to use with LibAuth.
  • Obtain the Authorization URL and Access Token URL endpoints for your OAuth 2 system.
    • The Access Token URL must use version 2.0 of the API: https://login.microsoftonline.com/{some long identifier}/oauth2/v2.0/token
    • You may need to append a scope parameter to the Authorization URL. We recommend using: ?scope=https://graph.microsoft.com/user.read. This URL would look like: https://login.microsoftonline.com/{some long identifier}/oauth2/v2.0/authorize?scope=https://graph.microsoft.com/user.read

Attributes

  • If you want to set up group permissions, you'll need to know the names of certain attributes (such as status or department), along with their possible values.
    • Creating group permissions in the LibAuth configuration allows you to further restrict access to a subset of authenticated users.
    • For example, if you have an attribute for "type" that defines the user type for each user, you'll want to know the names of the types that you can pick from.
      • You could then use the Type group permission to limit bookings of a certain Spaces category to only those authenticated users with a type of "faculty." Or restrict access to the LibGuides group that you use for your intranet to only those users with a type of "staff."

Add a new Microsoft OAuth 2 configuration

  1. If you have not yet created a LibAuth configuration, skip to Step 2. Otherwise, click on the Add Configuration button to create another one.
  2. Below the Search for Your Institution dropdown, click on the Manual Configuration link.
  3. Select Microsoft as your authentication protocol.
  4. Enter the server info and parameters provided by your IT staff.
    1. Client identifier: the client ID from your OAuth 2 application.
    2. Client secret: the client secret from your OAuth 2 application.
    3. Authorization URL: the authorization URL endpoint for your OAuth 2 system. This must start with https://.
    4. Access token URL: the access token URL endpoint for your OAuth 2 system. This must start with https://.
  5. Give your configuration a name.
  6. If you'd like, you can also provide notes or details about this configuration for your reference.
  7. Click the Save Configuration button.
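
A pre-flight check your IT staff can run on the values before they are entered in step 4. This is an added example, not Springshare's code. The function name, the short region keys and the sample identifier are assumptions made here, and the expected host is taken from this article's example URLs.

```python
from urllib.parse import urlsplit, parse_qs

# Redirect URLs from this article; the region keys are labels chosen for this example.
REDIRECT_URLS = {
    "eu": "https://eu.libauth.com/login/oauth2",
    "ca": "https://ca.libauth.com/login/oauth2",
    "au": "https://au.libauth.com/login/oauth2",
    "other": "https://libauth.com/login/oauth2",
}
# Host as it appears in the article's example URLs (assumption: no other host is in use).
MS_HOST = "login.microsoftonline.com"
RECOMMENDED_SCOPE = "https://graph.microsoft.com/user.read"


def check_config(authorization_url, token_url, redirect_url, region):
    """Return a list of findings; an empty list means the values match the article."""
    findings = []
    auth, token = urlsplit(authorization_url), urlsplit(token_url)
    for label, url in (("Authorization URL", auth), ("Access Token URL", token)):
        if url.scheme != "https":
            findings.append(f"{label} must start with https://")
        if url.hostname != MS_HOST:
            findings.append(f"{label} host is {url.hostname!r}, expected {MS_HOST}")
        if "{" in url.path or "%7B" in url.path.upper():
            findings.append(f"{label} still contains a placeholder identifier")
    if not token.path.endswith("/oauth2/v2.0/token"):
        findings.append("Access Token URL must use the v2.0 token endpoint")
    # Both endpoints sit under the same identifier: /<identifier>/oauth2/...
    if auth.path.split("/")[1:2] != token.path.split("/")[1:2]:
        findings.append("Authorization and Access Token URLs use different identifiers")
    scopes = parse_qs(auth.query).get("scope", [])
    if RECOMMENDED_SCOPE not in " ".join(scopes).split():
        findings.append("Authorization URL lacks the recommended user.read scope")
    # The redirect URL registered with Microsoft must be the exact regional value.
    if redirect_url != REDIRECT_URLS.get(region):
        findings.append(f"Redirect URL does not match the {region!r} region value")
    return findings

# Constructed sample values; the identifier below is made up.
TENANT = "00000000-0000-0000-0000-000000000000"
GOOD = check_config(
    f"https://{MS_HOST}/{TENANT}/oauth2/v2.0/authorize?scope={RECOMMENDED_SCOPE}",
    f"https://{MS_HOST}/{TENANT}/oauth2/v2.0/token",
    "https://eu.libauth.com/login/oauth2", "eu")
BAD = check_config(
    f"https://{MS_HOST}/{TENANT}/oauth2/v2.0/authorize",
    f"http://{MS_HOST}/{TENANT}/oauth2/token",
    "https://libauth.com/login/oauth2", "eu")
print(GOOD, BAD, sep="\n")
```

The scope finding is advisory, since the article says the scope parameter may be needed rather than that it is required.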