Identity Providers
Connect your own OAuth 2.0 identity provider to a Keycard zone
Keycard provides zone user authentication by default. If you want to use your own identity provider (Okta, Auth0, Google, etc.) for zone-level user authentication, follow the steps below.
Connect an Identity Provider
Get your Redirect URL
- In Keycard Console, go to Zones, open the ⋯ menu on your zone’s card, and select Settings
- On the Connection tab, copy the Redirect URL
- Keep this URL handy for the next step
Configure your identity provider
In Okta:
- Navigate to Applications → Create App Integration
- Select OIDC - OpenID Connect and Web Application
- Add the Redirect URL to Sign-in redirect URIs
- Enable grant types: Authorization Code, Refresh Token
- Assign users to the application
- Note your Issuer URL, Client ID, and Client Secret
In Keycard Console:
- Click Providers in the sidebar and then ‘Add Provider’
- Enter Issuer URL: https://<your-domain>.okta.com
- Enter Client ID and Client Secret
- Click Connect
In Auth0:
- Navigate to Applications → Create Application
- Select Regular Web Application
- Add the Redirect URL to Allowed Callback URLs
- Note your Domain, Client ID, and Client Secret
In Keycard Console:
- Click Providers in the sidebar and then ‘Add Provider’
- Enter Issuer URL: https://<your-tenant>.auth0.com/ (include trailing /)
- Enter Client ID and Client Secret
- Click Connect
In Google Cloud Console:
- Navigate to APIs & Services → Credentials
- Create OAuth 2.0 Client ID (Web application)
- Add the Redirect URL to Authorized redirect URIs
- Note your Client ID and Client Secret
In Keycard Console:
- Click Providers in the sidebar and then ‘Add Provider’
- Enter Issuer URL: https://accounts.google.com
- Enter Client ID and Client Secret
- Click Connect
For any OAuth 2.0 / OIDC provider:
- Create a web application in your provider
- Add the Redirect URL to allowed redirect URIs
- Enable Authorization Code and Refresh Token grant types
- Note your provider’s issuer URL, client ID, and client secret
In Keycard Console:
- Click Providers in the sidebar and then ‘Add Provider’
- Enter your provider’s Issuer URL
- Enter Client ID and Client Secret
- Click Connect
Select the identity provider for the zone
In Keycard Console:
- Go to Zones, open the ⋯ menu on your zone’s card, and select Settings
- Select the Settings tab
- In the Zone sign in configuration section, open the Identity Provider dropdown and select the provider you just configured
- Click Save Changes
Troubleshooting
OAuth flow fails or redirects to error page
- Verify the Redirect URL is correctly added to your identity provider
- Ensure your identity provider’s issuer URL is correct (include/exclude trailing / as required)
- Check that users are assigned to the application in your identity provider
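A pre-flight check for the issuer URL and grant types, as an added example that is not part of the Keycard documentation: it compares the Issuer URL you plan to enter against the `issuer` value in the provider's OIDC discovery metadata, where the two must match exactly, trailing slash included. It assumes your provider publishes discovery metadata; the function names and the sample tenants are hypothetical.

```python
import json
import urllib.request
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def discovery_url(issuer):
    """OIDC Discovery: drop any trailing slash from the issuer, then append the well-known path."""
    return issuer.rstrip("/") + WELL_KNOWN

def fetch_metadata(issuer, timeout=5):
    """Download the provider metadata (network call; the offline samples below do not use it)."""
    with urllib.request.urlopen(discovery_url(issuer), timeout=timeout) as resp:
        return json.load(resp)

def check_issuer(entered, metadata):
    """Return a list of problems with the Issuer URL you plan to enter; empty means OK."""
    problems = []
    if urlsplit(entered).scheme != "https":
        problems.append("issuer must use https")
    advertised = metadata.get("issuer", "")
    if entered != advertised:
        if entered.rstrip("/") == advertised.rstrip("/"):
            problems.append(f"trailing slash mismatch: provider advertises {advertised!r}")
        else:
            problems.append(f"issuer mismatch: provider advertises {advertised!r}")
    # OIDC Discovery default when the field is omitted: authorization_code and implicit.
    grants = metadata.get("grant_types_supported", ["authorization_code", "implicit"])
    for needed in ("authorization_code", "refresh_token"):
        if needed not in grants:
            problems.append(f"grant type not advertised: {needed}")
    return problems

# Constructed sample metadata (hypothetical tenants, not real provider responses).
AUTH0_STYLE = {"issuer": "https://example-tenant.auth0.com/",
               "grant_types_supported": ["authorization_code", "refresh_token"]}
OKTA_STYLE = {"issuer": "https://example-domain.okta.com",
              "grant_types_supported": ["authorization_code", "implicit"]}

if __name__ == "__main__":
    for entered, meta in [("https://example-tenant.auth0.com", AUTH0_STYLE),
                          ("https://example-tenant.auth0.com/", AUTH0_STYLE),
                          ("https://example-domain.okta.com/", OKTA_STYLE)]:
        print(entered, "->", check_issuer(entered, meta) or "OK")
```

To check a live provider, pass the result of `fetch_metadata(issuer)` as the second argument. Some providers support refresh tokens without listing the grant in their metadata, so treat that finding as a prompt to confirm the application's grant settings.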