Webcastcloud supports industry-standard OAuth2 protocols to enable Single Sign-On (SSO) with your preferred Identity Provider (IdP). This allows your users to securely access your Webcastcloud video platform using the same credentials they already use within your organization.
Webcastcloud acts as the OAuth2 client in this integration. Your Identity Provider is the authorization server responsible for authenticating users and issuing access tokens.
Webcastcloud supports any OAuth2-compliant provider. We support integration with many popular SSO platform, including:
- Okta
- Auth0
- Salesforce
- Azure Active Directory / Entra ID
- Google Identity Platform
- Wordpress Plugins, such as Mini Orange, WP-OAuth
- Custom OAuth2 providers
Some Association Management Software platforms also support OAuth SSO, though they may use proprietary variations of endpoints, response formats, or field names rather than strictly following the standard OpenID Connect conventions. Webcastcloud has direct integrations for their unique implementations, including:
- Membes AMS
- YourMembership by Momentive Software
- iMIS by ASI
- NoviAMS
- Personify360
-
MemberClicks by Personify
and more....
How the OAuth2 SSO Flow Works
Below is a step-by-step explanation of the OAuth2 Authorization Code flow Webcastcloud uses:
-
Anonymous Access
- A user visits your Webcastcloud site as an anonymous visitor.
- When they click Login, Webcastcloud begins the OAuth2 authentication process.
-
Authorization Request
- Webcastcloud redirects the user’s browser to your Identity Provider’s authorization endpoint.
- The request includes:
- Your Webcastcloud client ID
- Requested scopes
- The redirect URI registered with your IdP
- A unique state parameter for security
-
User Authentication
- The user is presented with your Identity Provider’s login screen.
- After entering valid credentials, the IdP authenticates the user.
-
Authorization Response
- The IdP redirects the user back to Webcastcloud via the approved redirect URI.
- This redirect includes an authorization code.
-
Token Exchange
- Webcastcloud makes a secure server-to-server call to your token endpoint.
- The authorization code is exchanged for an access token (and optionally a refresh token).
-
User Info Retrieval
- Using the access token, Webcastcloud calls your user info endpoint to obtain the user’s profile attributes.
-
User Mapping and Authentication
- Webcastcloud maps the returned attributes to your platform’s user fields (e.g., first name, email, membership status).
- The user session is established, granting them access to your video content according to your entitlements and permissions.
-
Logoff
- If a user logs out from Webcastcloud, a call can be made to your logoff endpoint to end the Identity Provider session.
Required Identity Provider Configuration
To integrate OAuth2 SSO, your Identity Provider must support:
- Authorization Code grant flow
- Issuing access tokens
- Providing a user profile endpoint returning user attributes in JSON
You will need to configure:
- A client ID and client secret for Webcastcloud
- Approved redirect URIs (Webcastcloud will supply these)
- The following endpoints:
- Authorization endpoint
- Token endpoint
- User info endpoint
- (Optional) Logoff endpoint
User Attributes
Webcastcloud retrieves user profile attributes from your user info endpoint after successful authentication.
Minimum Required Fields
At a minimum, your Identity Provider must return these fields:
- userId – Unique identifier for the user
- firstName – User’s first name
- lastName – User’s last name
- email – User’s email address
These fields are required to create and authenticate the user in Webcastcloud.
Preferred Fields (Recommended to Maximize Platform Value)
To fully leverage Webcastcloud’s entitlement and content management capabilities, we recommend including these additional fields where possible:
- membershipStatus – e.g., Active, Lapsed, Expired
- membershipType – e.g., Professional, Student, Associate
- groups – An array defining the products, events, subscriptions, or group-based content the user can access
The groups array is especially useful, as Webcastcloud maps each item to internal member groups that control access to content libraries, event recordings, and subscription materials
User Field Mapping:
Webcastcloud allows you to map your field names to our internal fields, so the integration can align with your existing identity schema.
Need Help?
If you’d like assistance configuring SSO for your organization or require a detailed integration guide for your specific Identity Provider, please contact our support team. We’ll be happy to help you through setup and testing.