The OAuth Module in MokoCRM allows users to log in using third-party identity providers such as Google, Microsoft, Facebook, or any OAuth 2.0-compliant service. This enables single sign-on (SSO) capabilities, reduces password fatigue, and improves access control by centralizing identity management.
๐งพ Enabling the Module
- Navigate to:
Home โ Setup โ Modules โ OAuth - Click Activate
- Go to Setup โ Security โ OAuth to configure providers
๐ Supported Providers
- Google (Workspace or Gmail accounts)
- Microsoft (Azure AD, Office 365)
- GitHub
- Generic OAuth 2.0 endpoints
๐ง Configuration Requirements
- Obtain:
- Client ID
- Client Secret
- Authorization and Token URLs (for custom providers)
- Set redirect URI in provider settings (e.g.,
https://yourdomain/user/oauthcallback.php) - Enable or restrict login by email domain or user role
๐ Integration With MokoCRM
- OAuth login button appears on the standard login page
- New users are automatically created (if allowed) with default permissions
- Link existing MokoCRM users to OAuth accounts for future logins
๐ Logging and Security
- OAuth login attempts are recorded in the audit log
- Failed attempts include timestamp and provider details
- Admins can unlink OAuth from user accounts if needed
๐ Best Practices
- Restrict auto-provisioning to trusted email domains (e.g., @yourorg.com)
- Use OAuth with HTTPS only
- Disable native password login for SSO-only environments
- Rotate client secrets regularly via your identity provider
- Coordinate with Moko Consulting for domain-wide rollout or identity provider configuration