Configure OAuth 2
  • 25 Apr 2023

OAuth 2 authentication allows users to log in using an existing account for another service, such as a Microsoft, Google, or Facebook account.

Create new OAuth 2 service

Once you have enabled the OAuth 2 authentication method, you can set up services to use as login methods. First, go to the service in question and set up authentication on that end. This usually means going to the service's developer console, creating a new app, and then copying the ID and secret. Instructions for some commonly used services can be found below.

Once you have set up the service on the provider's side, follow these steps in Totara:

  1. Go to Quick-access menu > Server > OAuth 2 services.
  2. Select Create a new service, choosing the relevant option for the service you are setting up.
  3. Configure the settings.
  4. Click Save changes.

Login via Microsoft account

Follow these steps to set up Microsoft account login for your Totara site:

  1. Go to the Microsoft Azure portal.
  2. Click New registration under App registrations.
  3. Give your app a name, e.g. 'Totara'.
  4. Select Accounts in any organizational directory (Any Azure AD directory - Multitenant) for Supported account types.
  5. Choose Web for Redirect URI.
  6. Add your site's URL appended with /admin/oauth2callback.php to the Redirect URLs section, e.g. https://totaralearn.com/admin/oauth2callback.php.
  7. Click Register.
  8. Take a note of the Application (client) ID.
  9. Select Authentication from the side menu.
  10. Ensure that the Implicit grant settings are disabled.
  11. Select API permissions from the side menu.
  12. Ensure that the User.Read permission is available under Microsoft Graph (1), and if it is not then add it now.
  13. Select Certificates & secrets from the side menu and click New client secret.
  14. Add a description, e.g. your app name (Totara), and select when the password/secret will expire.
  15. Copy the generated secret string value for use in Totara.
  16. In Totara go to Server > OAuth 2 services from the quick-access menu.
  17. Click Create a new Microsoft service.
  18. Enter the password generated in the Microsoft Azure portal as the Secret and the application ID as the Client ID.
  19. Click Save changes.

You can see more instructions from Microsoft on their website.

Login via Google account

Follow these steps to set up Google account login via the Google developer console:

  1. Go to the Google developer console.
  2. Create a new project using either the Select a project dropdown at the top or the Create button.
  3. Give the project a name, e.g. 'Totara login'.
  4. Click Create.
  5. Go to Credentials from the left-hand menu.
  6. Select the OAuth consent screen section and complete the settings.
  7. Click Save.
  8. Select the Credentials tab, then choose OAuth client ID from the Create credentials dropdown.
  9. Choose the Web application option and set the Authorized redirect URIs as your site's URL appended with /admin/oauth2callback.php, e.g. https://totaralearn.com/admin/oauth2callback.php.
  10. Click Create.
  11. Take a note of the client ID and secret generated.
  12. In Totara, go to Quick-access menu > Server > OAuth 2 services.
  13. Click Create a new Google service.
  14. Enter the Secret and Client ID given in the Google developer console.
  15. Click Save changes.

You can see more about Google and OAuth 2 on their website. 
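
Both the Microsoft steps (step 6) and the Google steps (step 9) rely on the redirect URI registered with the provider being the site URL plus /admin/oauth2callback.php. The Python check below is an added example, not part of the Totara documentation or code; the function names, the loopback exception for plain HTTP and the near-miss comparison are assumptions made for illustration.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/admin/oauth2callback.php"  # path from the steps above
LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # assumption: plain HTTP tolerated only here


def redirect_uri(site_url: str) -> str:
    """Site URL plus the callback path, without doubling a trailing slash."""
    return site_url.strip().rstrip("/") + CALLBACK_PATH


def _loose(uri: str) -> tuple:
    """Comparison key that ignores scheme, 'www.', case and trailing slash."""
    parts = urlsplit(uri.strip())
    host = (parts.hostname or "").removeprefix("www.")
    return host, parts.path.rstrip("/").lower()


def check_redirect(site_url: str, registered: list) -> list:
    """Return a list of problems; an empty list means the values line up."""
    site = urlsplit(site_url.strip())
    if site.scheme not in ("http", "https") or not site.hostname:
        return [f"{site_url!r} is not an absolute http(s) URL"]
    problems = []
    if site.query or site.fragment or site.username:
        problems.append("site URL carries a query, fragment or credentials")
    if site.scheme != "https" and site.hostname not in LOOPBACK:
        problems.append("site URL is not HTTPS")
    expected = redirect_uri(site_url)
    if expected not in registered:
        # A loose match means the entry exists but differs in a detail
        # (scheme, 'www.', case, trailing slash) from the expected string.
        near = [r for r in registered if _loose(r) == _loose(expected)]
        if near:
            problems.append(f"near miss: registered {near[0]!r}, expected {expected!r}")
        else:
            problems.append(f"{expected!r} is not registered with the provider")
    return problems


if __name__ == "__main__":
    # Constructed sample: the value as it might have been typed into a console.
    typed = ["http://www.totaralearn.com/admin/oauth2callback.php/"]
    for line in check_redirect("https://totaralearn.com/", typed):
        print(line)
```

Run it with the site URL and the list of redirect URIs copied from the provider's console before saving the service in Totara.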

Login via Facebook

If you wish to enable Facebook login then you can do this via the Facebook developer portal. The basic process is:

  1. Create a Facebook app via Facebook for Developers. This will need to have a Display name and Contact email.
  2. In Product, select Facebook Login.
  3. Choose the Web option and configure the settings.
  4. Make a note of the App ID and App Secret.
  5. In Totara, go to Quick-access menu > Server > OAuth 2 services.
  6. Click Create a new Facebook service.
  7. Enter the Secret (the App Secret) and Client ID (the App ID) given in Facebook.
  8. Click Save changes.

You can find details on how to configure Facebook login in their help documentation. 

© Copyright 2024 Totara Learning Solutions. All rights reserved.

