Drupal - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Drupal using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Drupal, ensure you meet the following requirements:
- Drupal admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Drupal are registered in your IdP and have the necessary permissions to access Drupal.
- You must install OAuth & OpenID Connect Login – Oauth2 Client SSO Login module from Drupal
- You must install OAuth & OpenID Connect Login – Oauth2 Client SSO Login module from Drupal
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Drupal - SSO configuration
Step 1 - Configure Multi-Pass as the Identity Provider (IdP)
- Select the correct tenant and go to Integrations, click on Applications
- Select in the custom integration section OIDC
- Complete the OIDC setup with the below information:
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | drupal |
| Name | drupal |
| Description | Drupal SSO integration |
- Click Add Integration
- Click Advanced Console
- Select Clients, search for Drupal
- Make sure the different fields are well completed :
General settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID | drupal |
| Name | drupal |
| Description | Drupal SSO integration |
| Always display in UI | ON |
Access settings (Multi-Pass)
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://<DRUPAL_DOMAIN>/oauth/callback/<PROVIDER_NAME> |
Step 2 - Configure Drupal as the Service Provider (SP)
- Log into Drupal as an Administrator
- Click on the Configuration tab and select miniOrange OAuth Client
- In the Manage section, under the Client Configuration tab, click on + Add New
- Under Add select Custom OpenID/OAuth 2.0 Provider
- Under Custom App Name put in Multi-Pass
- Complete the Client configuration with the below information:
| Setting | Value |
|---|---|
| Client ID | drupal |
| Grant Type | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/auth |
| Client Secret | Obtain from Multi-Pass |
| Scope | openid email profile |
| Authorization Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/auth |
| Token Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/token |
| User Info Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/userinfo |
Step 3 - Testing Multi-Pass to Drupal
- Navigate to your Drupal login page
- Click Sign in and you will be redirected to Multi-Pass for authentication
- Complete the authentication and access Drupal
Related Articles
OpenID Connect (OIDC) SSO Integration Guide
This guide provides a general overview and step-by-step instructions for configuring OpenID Connect (OIDC) authentication between Multi-Pass (IdP) and a third-party Service Provider (SP). OIDC is a modern identity layer built on top of OAuth 2.0 that ...ATERA - SSO configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Mendix - SSO Configuration
This document has been tested and approved by Kelvin Zero Inc This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mendix using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...Outsystems (Apps) - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Rocket.chat - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Rocket.chat using MPAS. SSO simplifies user authentication by allowing access to multiple ...