To improve your own security you can add Auth0 OAuth2 to Mention Me so that your employees can access Mention Me by logging in via Auth0. They will no longer need their password and you can manage their authentication from your own Auth0 console.
Account provisioning and the roles for each account are still managed within Mention Me.
We currently support authentication via Google, Okta, Auth0 and Azure AD. If you would like to use an alternative OAuth source please talk to your Client Account Manager.
The Security page in the Edit Brand menu item lets you set up Auth0 OAuth on the Mention Me side.
Feature overview
If desired, Mention Me can perform authentication via Auth0 OAuth for users who manage their authentication with Auth0.
- Clients using Auth0 can authenticate Mention Me users via Auth0 accounts.
- Users log in to Mention Me by authenticating with their Auth0 account.
- When enabled, Mention Me authenticates users only with Auth0 OAuth (email/password access will cease).
- Users with access to more than one Brand can access the platform via any of the login mechanisms configured for those Brands (OAuth or email/password, as configured per Brand).
Note that:
- When enabling Auth0 OAuth, only accounts whose email address matches the configured domain(s) will be able to authenticate. All other accounts will lose the ability to log in.
Preliminary requirements
Using Auth0 OAuth requires the following:
- An Auth0 account for the organization.
- At least one domain controlled by the organization and registered to the Auth0 account.
- Users with email addresses in the domain associated with the Auth0 account.
Before you begin these steps, you will need:
- An Auth0 administrator to perform steps in the Auth0 admin tools
- Mention Me administrator access to your account
Setup on the Auth0 side
The steps for enabling Auth0 OAuth on the Auth0 side are described below. Auth0's own documentation also describes these steps in general terms.
- Go to the Auth0 Admin console
- Create a new Application to integrate SSO with Mention Me
- Enter a name for the application (e.g. "Mention Me") and select Regular Web App. Click the CREATE button.
- Decide who will have access and Save with the default options
- Mention Me requires only the default scopes (name and email), so typically no additional scope configuration is required
- In the Sign-in redirect URIs field, enter the URL found in the steps on the Mention Me side below. Replace xxxx with the Merchant Id of your account. This redirect URL is provided in the Mention Me admin console:
  https://mention-me.com/oauth/client/redirect/xxxx
- Click Save.
- Auth0 displays your client ID and your client secret and either your Auth0 Custom domain or Account name and Region.
- Copy your client ID, client secret and domain values; you will need them to configure Mention Me below.
NOTE: Mention Me has a Live and a Demo platform. If you want login for your users to work seamlessly across both platforms you'll need to add two separate redirect URIs to Auth0.
For demo, add the URL: https://demo.mention-me.com/oauth/client/redirect/xxxx. The ID (xxxx) will be different from the one used for Live.
You can use the same Client ID and Client Secret and Account name or Custom domain.
Setup on the Mention Me side
The steps for enabling Auth0 OAuth on the Mention Me side are below.
If you also want access to Demo to be controlled by Auth0, you will need to repeat these steps on the Demo platform.
- From the Mention Me platform, while logged in as an administrator, go to Settings & Brands and then Merchant Settings.
- Under the Security group, find the Single Sign On configuration section.
- Choose Auth0 from the SSO options.
- Enter your Auth0 Auth Settings:
  - Client ID and Client Secret: copy and paste these values from the Auth0 Dashboard, as in the Auth0 setup instructions above.
  - Domains: your organisation's Auth0-managed domain name(s). Only users with an email address and account matching these domain(s) can log in to your Mention Me account.
  - Account Name or Custom Domain: a domain name or string, e.g. auth.[domain].com
- When you save your changes, they are applied to all users, who will no longer be able to log in via email/password. Saving does not log your users out, but their login method changes at their next login.
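The two values that most often go wrong in this setup are the redirect URI registered in Auth0 (it must be exactly the Live or Demo URL with the right Merchant Id) and the Domains list (only email addresses whose domain matches exactly should be accepted). The following is an added example, not code from Mention Me or Auth0, showing how to check both: an exact-match email-domain allowlist that rejects sub-domains and look-alike suffixes, and a redirect-URI check that rejects the wrong scheme, host, platform, extra path segments or query strings. The configured domains and the Merchant Ids are constructed sample values, and the assumption that a Merchant Id is alphanumeric is the example's own, not documented on the page.

```python
import re
from urllib.parse import urlsplit

# Constructed sample configuration: the Domains entered on the Mention Me
# Security page. Real values come from your own Auth0-managed domains.
CONFIGURED_DOMAINS = {"example.com", "example.co.uk"}

# Hosts used by the two Mention Me platforms named on the page.
PLATFORM_HOSTS = {"live": "mention-me.com", "demo": "demo.mention-me.com"}

# Assumption (not from the page): a Merchant Id is a short alphanumeric token.
REDIRECT_PATH_RE = re.compile(r"^/oauth/client/redirect/([A-Za-z0-9]+)$")


def email_domain_allowed(email: str, allowed_domains: set[str]) -> bool:
    """Return True only if the domain after the '@' exactly equals one of the
    configured domains (case-insensitive, trailing dot ignored).

    'user@sub.example.com' and 'user@example.com.attacker.net' are both
    rejected when only 'example.com' is configured: suffix or substring
    matching would let an attacker-controlled domain slip through.
    """
    if email.count("@") != 1:          # quoted local parts with '@' are out of scope here
        return False
    local, _, domain = email.partition("@")
    if not local or not domain:
        return False
    domain = domain.strip().lower().rstrip(".")
    normalised = {d.strip().lower().rstrip(".") for d in allowed_domains}
    return domain in normalised


def redirect_uri_matches(uri: str, platform: str, merchant_id: str) -> bool:
    """Check that a redirect URI registered in Auth0 is exactly the one Mention
    Me expects for the given platform ('live' or 'demo'):
    https://<platform host>/oauth/client/redirect/<merchant_id>
    with no port, query string, fragment or additional path segments."""
    if platform not in PLATFORM_HOSTS:
        return False
    parts = urlsplit(uri.strip())
    if parts.scheme != "https" or parts.netloc != PLATFORM_HOSTS[platform]:
        return False
    if parts.query or parts.fragment:
        return False
    match = REDIRECT_PATH_RE.match(parts.path)
    return bool(match) and match.group(1) == merchant_id


def check_setup(live_uri: str, demo_uri: str, live_id: str, demo_id: str,
                test_emails: list[str]) -> dict:
    """Summarise a proposed configuration: which redirect URIs are valid and
    which sample email addresses would be able to log in."""
    return {
        "live_redirect_ok": redirect_uri_matches(live_uri, "live", live_id),
        "demo_redirect_ok": redirect_uri_matches(demo_uri, "demo", demo_id),
        "allowed_emails": [e for e in test_emails
                           if email_domain_allowed(e, CONFIGURED_DOMAINS)],
    }


if __name__ == "__main__":
    # Constructed sample inputs for a local dry run.
    report = check_setup(
        "https://mention-me.com/oauth/client/redirect/abc123",
        "https://demo.mention-me.com/oauth/client/redirect/d999",
        "abc123", "d999",
        ["Alice@Example.com", "bob@example.com.attacker.net", "carol@sub.example.com"],
    )
    print(report)
```

Run the module directly to see the summary for the constructed inputs; only the first sample address is accepted, because the other two do not match a configured domain exactly.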
Default Permissions
When a user logs in with Auth0, we can automatically grant the following permissions:
- On demo we can automatically grant "Marketing" permissions to all users who log in with Auth0
- On prod we can automatically grant "Customer Service" permissions to all users who log in with Auth0
To enable this functionality, tick the relevant checkbox on the Mention Me Auth0 setup page.
An Administrator can change a user's permissions at any time after the user has signed up.
Sample Email for rolling out the change to your users
Hi
- We're switching from using an email/password on the platform to using "Login via Auth0".
- This applies across both the live and demo platforms of Mention Me.
- It's better for security and easier to administer accounts internally.
- It's also more convenient for you: one less password to keep track of.
- You'll stop being able to log in with your email/password and instead will need to click on the "Login via Single Sign On" (or "Login via Auth0") link at the bottom of the login form on Mention Me.
- The first time you click this you'll need to enter your [domain] email address so the platform can identify you.
- The second and subsequent times you'll just click it and it will log you in.
Disabling Auth0 Auth once it has been enabled
If you'd like to disable Auth0 Authentication for your Mention Me platform after it has already been enabled, bear in mind that:
- Users can return to logging in with email and password, but users created while SSO was in use will not know their passwords and will not have been sent them. They will need to perform a password reset (or you can trigger one via Mention Me) in order to receive a link that lets them set a password.