How to Setup User Onboarding with any OAuth Provider – Endian

Applies to Platform: Switchboard 6.8.x
Last update: 10 May 2025

A new major feature for the Endian Switchboard in 6.8.x is support for single sign-on (SSO) authentication utilizing OAuth 2.0 protocol for users to sign in to the platform. This includes support for just-in-time (JIT) provisioning which means users are both authorized for proper permission and onboarded to the platform. Our platform provides an intuitive onboarding mechanism where an administrator can create rules to define how to map OAuth metadata (e.g. user name, role, group, etc) into Switchboard user permission and/or group membership.

Note

The just-in-time provisioning works by dynamically validating the user onboarding rules for each and every user authentication attempt. This means if a change is made to a user onboarding rule, the change will be reflected the next time each user (affected by the rule) authenticates to the Switchboard. This helps to make the management of the Switchboard as efficient and effective as possible.

Prerequisites

You should have already configured an OAuth provider before you can begin this step.

Create Onboarding Rules

Navigate to Authentication > Services and select the edit icon for your desired OAuth provider.

Here you can create your first onboarding rule by clicking Add onboarding rule. You can use the interactive tutorial below to follow along in creating a sample onboarding rule.

From here, you can add as many onboarding rules as you require in order to properly onboard all the various user and groups who will be accessing the Switchboard. For each onboarding rule you can also specify the order which factors into the processing of the onboarding rules.

New in Version 6.8.6

Choose Your Onboarding Rule Match Policy

Match First (only): This policy will look for the first match (from the top rule to the bottom) and exit the processing of the rules on the first match

Match All Rules: This policy will check for all matches in all onboarding rules and apply their combined outcomes (assignments). This means if a user belongs to more than one group, for example, then for each rule that matches the system would additively apply each rule. This allows organizations to "mirror" the structure of the authentication system on the Switchboard platform.

If you are using the Match All Rules policy and you want to combine the rule outcomes (assignments), you will need to update the rules themselves to use the Add operator (instead of Set) to the Switchboard assignments.

Finally, you must click Apply now button to apply all of the onboarding rules to the configuration.

Warning

It's important to note that the set of user onboarding rules must provide for all the users who require access to the Switchboard. Any user who does NOT MATCH any of the existing user onboarding rules will not be able to authenticate successfully.