LeadSquared Security Settings – Authentication Provider

1. Feature Overview

As an alternative to logging in with your LeadSquared credentials, you can configure your account to enable log-in through the following third-party authentication providers –

Note: This article contains instructions on setting up Google, API or Okta as your authentication provider. For instructions on –

 

2. Prerequisites

  • Only LeadSquared admins can configure the authentication provider for an account.
  • To make Google your authentication provider, your Google Id and LeadSquared email Id must be the same.
  • The API is not available by default. Contact us at support@leadsquared.com to enable it for your account. Also,
    • Your user id/email address in the third-party application must be the same as your LeadSquared email Id.
    • You must expose an API URL that is accessible over the internet.

 

3. Authentication Provider Settings

  1. Navigate to My Profile>Settings>Security>Authentication Provider.
  2. Click Alongside Enable Third Party Authentication Provider, enable the enable authentication slider .

LeadSquared Authentication Provider

 

3.1 Google

Here’s how to use Google as your authentication provider and log-in to LeadSquared with your Google credentials –

1. Once you enable the third party authentication provider setting, on the Choose Authentication provider pop-up, click Google.

choose auth provider

2. Click the Sign-in with Google button, then enter your Google credentials and sign-in.

test google authentication provider

3. From this point on, you’ll be prompted to enter your Google credentials on logging-in to LeadSquared.

sign in with google

 

4. API

You can use the credentials of a third-party tool to log in to LeadSquared. Ensure that the user/email Id in the tool is the same as the LeadSquared email Id. Expose an API that is accessible over the internet and use the settings below to configure what data you want to pass.

After enabling the third-party authentication provider setting, on the Choose Authentication provider pop-up, click API.

generic API Auth Provider

On the Configure Authentication Provider pop-up, enter the details of the API you’ve exposed. When you’re done, click Test.

Configure Auth Provider Settings

FieldDescription
Request TypeChoose HTTP request method as either GET or POST.
API URLSelect either http:// or https:// and enter your API URL here. Type @ to use mail merge fields in the query string.
Content TypeCurrently, data can only be sent as application/json.
Request HeadersYou can pass multiple request headers here.
Request BodyIf you select the Request Type as POST, you can enter a valid json in the request body. Type @ to make use of mail merge fields
Success KeywordThis is the success keyword that should be present in a successful response.
Error KeywordThe error keyword that should be present in the error response.
Note: To send passwords,  you must type the mail merge field @{User:Password ,}. For IP address, you must enter @{User:ClientIP ,}. These fields will not show up in the mail merge dropdown that appears when you type @.

Now enter your credentials, and click Enable.

api auth step 3 of 3

 

5. Okta

Note: To get the Okta authentication provider enabled on your LeadSquared account, contact your account manager, or write to support@leadsquared.com.

5.1 Steps in Okta

Before you enable the Okta authentication provider on LeadSquared, complete the following steps on your Okta account

  • Create an OIDC app in Okta. To know how to do this, refer to Create OIDC app integrations using AIW.
  • Keep the following points in mind when creating the OIDC app –
    • The Application Type should be Native apps.
    • The Grant Type should be Implicit (hybrid). Once Implicit (hybrid) is selected, enable the following settings –
      • Allow ID Token with implicit grant type
      • Allow Access Token with implicit grant type
    • Set the Sign-In Redirect URL for –
      • Web as https://login.leadsquared.com/Home/SignInWithSSO
      • Android mobile devices as com.leadsquared.nextgen:/login
      • iOS mobile devices as com.LeadSquaredNextGen.com:/login
    • Set the Sign-Out URL for –
      • Android mobile devices as com.leadsquared.nextgen:/logout
      • iOS mobile devices as com.LeadSquaredNextGen.com:/logout
    • Based on your LeadSquared account region, enter the following additional URL –
      • If your LeadSquared account is in the Mumbai (India) region – https://login-in21.leadsquared.com/Home/SignInWithSSO
      • If your LeadSquared account is in the USA region – https://login-us11.leadsquared.com/Home/SignInWithSSO
      • If your LeadSquared account is in the Ireland region – https://login-ir31.leadsquared.com/Home/SignInWithSSO
      • If your LeadSquared account is in the Singapore region, only the default URL is required. No additional URL is required.

 

5.2 Steps in LeadSquared

On the Configure Authentication Provider pop-up, enter the following details –

  • Provider Name – A display name for the Sign-in button.
  • Client ID – The Client ID that was generated after you created the OIDC app in Okta.
  • OpenID Connect Metadata URL – To obtain the OIDC app’s metadata URL, refer to OpenID Connect & OAuth 2.0 API. On this page, use the following URL – https://${yourOktaDomain}/oauth2/${authorizationServerId}/.well-known/openid-configuration

Once you enter the details, click Test. Once you’re satisfied with the login flow, click Enable. Once enabled, your users can enter their Okta login credentials when logging in to LeadSquared.

LeadSquared Authentication Provider

 

Any Questions?

If you have questions, go ahead and start a discussion in the comments section below. We’ll get back to you ASAP!

Was this Helpful?

Subscribe
Notify of
guest
2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Nathan
Nathan
1 year ago

If third party authentication is turned on, do users get a choice to use it or not? And, can it be bypassed (i.e., is there a direct link that will bypass SSO?).

Sri Sudhan
Admin
Reply to  Nathan
11 months ago

Hi, Nathan. Thanks for writing to us. Once enabled, we do not support the option to bypass third-party authentication. There’s no direct link to bypass third-party authentication either. It becomes mandatory for all users in your organization. Hope this helps!