!!Enterprise Licenses Only\\
This plugin allows you to delegate access to OAuth ([https://en.wikipedia.org/wiki/OAuth]) providers. On CrushFTP's login page, the enabled provider's "__Signed in__" button appears next to the login button.\\
Currently __Google Sign-In__, __Microsoft Sign-In__, __Azure Active Directory B2C Sign in__ and __Amazon Cognito Sign in__ are supported.\\
\\
!1. Google Sign-In\\
See [Google Sign-in Configuration]\\
!2. Microsoft Sign-In\\
See [Microsoft Sign-in Configuration]\\
!3. Azure Active Directory B2C\\
See [Azure Active Directory B2C Configuration]\\
!4. Amazon Cognito\\
See [Amazon Cognito Configuration]\\
!5. Plugin Settings\\
\\

__1.__ __Username matching__ -> Filters the OAuth user name (Google Auth: email address, Microsoft Auth: user principal name). You can enter multiple values separated by commas. A domain filter is allowed too (like *mydomain.com).\\
\\
__2.__ Allowed authentication types\\
\\
__3.__\\
    __a.__ __Skip OTP processing__ -> The CrushOAuth plugin is not compatible with [OTP Settings], as the IDP (identity provider) can have its own two-factor authentication. Setting the flag to true exempts OAuth users from CrushFTP's OTP process.\\
    __b.__ __Get Cognito user info__ -> Gets more info about Amazon Cognito users (like custom attributes). Applies only if __Amazon Cognito Sign in__ is enabled.\\
\\
__4.__ OAuth only used for Authentication ([User Manager] defines user's access.) -> If users already exist with the username of the IDP (identity provider), you can use the CrushOAuth plugin __just for authentication__.\\
\\
__5.__ __Template Username__ -> The signed-in user inherits not just the settings, but the VFS items too (as Linked [VFS]).
\\
__Import settings from CrushFTP user__ -> The signed-in user inherits just the settings from this user. __It must have a value!__ The default value is __default__ -> the default user of CrushFTP\\
\\
__6.__ __OAuth Roles__ -> You can configure different Template Users (see 5.) based on the IDP's (identity provider) attributes.\\
IDP Attribute examples:\\
{{{

Google Sign-In:
email_verified, idp_user_info, given_name, family_name, email_verified, group

Microsoft Sign-In:
mail, idp_user_info, displayName, jobTitle, businessPhones, mobilePhone, officeLocation, group

Amazon Cognito Sign-in:
email, username, identities, cognito:username, cognito:groups, custom:<<defined custom attributes>>
}}}
Role examples :
{{{

<<IDP attribute name>>=<<IDP attribute value>>,<<IDP attribute name>>=<<IDP attribute value>> : template user name

Like:
cognito:groups=Azure_SAML,custom:groups:test_group_one
or
cognito:groups=*SAML*,custom:groups:test_group_one
or
cognito:groups=REGEX:.*SAML$,custom:groups:test_group_one 
}}}
\\
IDP attribute value: exact match, simple match (like *mail.com*), or regex match (like REGEX:<<the regular expression>>). If the value is an array, you can reference only one of the array elements (exact match only). For example, with the IDP attribute value __groups:[["group1","group2"]__ you can match with __group1__.\\
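The following is an added example, not CrushFTP's own code: a small Python model of the value-matching rules above, useful for checking how broadly a role pattern matches before binding it to a template user. It assumes that every condition of a role must match, that the first matching role wins, and that a REGEX: expression must match the whole value; the attribute __custom:source__, the template user names and all sample values are constructed for illustration.\\

```python
import re

REGEX_PREFIX = "REGEX:"

def value_matches(pattern, actual):
    """Model of the three match modes plus the array rule described above."""
    if isinstance(actual, (list, tuple)):
        return pattern in actual            # array: one element, exact match only
    actual = str(actual)
    if pattern.startswith(REGEX_PREFIX):
        # Assumption: the expression has to match the whole value.
        return re.fullmatch(pattern[len(REGEX_PREFIX):], actual) is not None
    if "*" in pattern:
        # Simple match: '*' is any run of characters, everything else is literal.
        simple = ".*".join(re.escape(part) for part in pattern.split("*"))
        return re.fullmatch(simple, actual, re.DOTALL) is not None
    return pattern == actual                # exact match

def select_template(roles, attributes):
    """roles: ordered list of ({attribute: pattern}, template_user).
    Assumptions: every condition of a role must match, first match wins."""
    for conditions, template in roles:
        if all(name in attributes and value_matches(pat, attributes[name])
               for name, pat in conditions.items()):
            return template
    return None

# Constructed role table and IDP attribute sets (hypothetical names and values).
ROLES = [
    ({"cognito:groups": "group1", "custom:source": "REGEX:.*SAML$"}, "tpl_saml_staff"),
    ({"custom:source": "*SAML*"}, "tpl_saml_any"),
]
USERS = {
    "alice": {"cognito:groups": ["group1", "group2"], "custom:source": "Azure_SAML"},
    "bob":   {"cognito:groups": ["group10"], "custom:source": "Azure_SAML"},
    "carol": {"cognito:groups": ["group2"], "custom:source": "SAML_test_sandbox"},
    "dave":  {"cognito:groups": ["group1"], "custom:source": "local"},
}

def assignments():
    """Template user each constructed identity would be mapped to."""
    return {user: select_template(ROLES, attrs) for user, attrs in USERS.items()}

if __name__ == "__main__":
    for user, template in assignments().items():
        print(f"{user}: {template}")
```

In this model the simple match *SAML* also accepts the value SAML_test_sandbox, while the anchored REGEX:.*SAML$ does not, and group1 does not match an array that only contains group10.\\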
 \\
\\
__7.__ VFS-related settings -> You can set custom [VFS] for CrushOAuth users.\\
\\
[attachments|plugin_settings.png]\\
\\