The OAuth Module in MokoCRM allows users to log in using third-party identity providers such as Google, Microsoft, Facebook, or any OAuth 2.0-compliant service. This enables single sign-on (SSO) capabilities, reduces password fatigue, and improves access control by centralizing identity management.
🧾 Enabling the Module
- Navigate to: Home → Setup → Modules → OAuth
- Click Activate
- Go to Setup → Security → OAuth to configure providers
🔐 Supported Providers
- Google (Workspace or Gmail accounts)
- Microsoft (Azure AD, Office 365)
- GitHub
- Generic OAuth 2.0 endpoints
🔧 Configuration Requirements
- Obtain:
  - Client ID
  - Client Secret
  - Authorization and Token URLs (for custom providers)
- Set redirect URI in provider settings (e.g., https://yourdomain/user/oauthcallback.php)
- Enable or restrict login by email domain or user role
🔗 Integration With MokoCRM
- OAuth login button appears on the standard login page
- New users are automatically created (if allowed) with default permissions
- Link existing MokoCRM users to OAuth accounts for future logins
📊 Logging and Security
- OAuth login attempts are recorded in the audit log
- Failed attempts include timestamp and provider details
- Admins can unlink OAuth from user accounts if needed
📌 Best Practices
- Restrict auto-provisioning to trusted email domains (e.g., @yourorg.com)
- Use OAuth with HTTPS only
- Disable native password login for SSO-only environments
- Rotate client secrets regularly via your identity provider
- Coordinate with Moko Consulting for domain-wide rollout or identity provider configuration
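The domain restriction on auto-provisioning is easy to get wrong with a suffix or substring match. The following is an added example, not MokoCRM code: it sketches the check in Python, assuming the provider returns OpenID Connect-style `email` and `email_verified` claims; the function name, allow-list and sample claims are hypothetical.

```python
# Added example, not MokoCRM code. Claim names follow OpenID Connect
# (`email`, `email_verified`); the allow-list is a constructed sample.
ALLOWED_DOMAINS = {"yourorg.com"}

def provisioning_decision(claims, allowed_domains=ALLOWED_DOMAINS):
    """Return (allowed, reason) for auto-creating a user from provider claims."""
    email = claims.get("email")
    if not isinstance(email, str):
        return False, "missing email claim"
    # Fail closed: only trust addresses the provider states it has verified.
    if claims.get("email_verified") is not True:
        return False, "email not verified by provider"
    # Exactly one '@' and no whitespace or control characters.
    if email.count("@") != 1 or any(c.isspace() or ord(c) < 32 for c in email):
        return False, "malformed email"
    local, domain = email.split("@")
    if not local or not domain:
        return False, "malformed email"
    # Normalise: domains are case-insensitive; ignore a trailing root dot.
    domain = domain.lower().rstrip(".")
    # Exact match only. A suffix or substring test would accept
    # "yourorg.com.example.net" or "notyourorg.com". Subdomains must be
    # listed explicitly if they should be allowed.
    if domain not in {d.lower() for d in allowed_domains}:
        return False, "domain not on allow-list"
    return True, "ok"

# Constructed sample claims covering the common bypass attempts.
SAMPLES = [
    {"email": "alice@yourorg.com", "email_verified": True},
    {"email": "bob@YourOrg.com", "email_verified": True},
    {"email": "carol@yourorg.com", "email_verified": False},
    {"email": "dave@yourorg.com.example.net", "email_verified": True},
    {"email": "erin@notyourorg.com", "email_verified": True},
    {"email": "frank@example.net@yourorg.com", "email_verified": True},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["email"], provisioning_decision(sample))
```

Only the first two samples are accepted; each rejection reason is suitable for recording alongside the failed attempt in the audit log.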