Configure

Prerequisites

Please refer to the integrate guide for more information on how to whitelist Login & Logout URL. \

Credentials & Configuration Values

To configure external Identity Providers in SCAYLE, please obtain first the Client ID, Client Secret and Redirect URL from the chosen provider. These credentials are used by the SCAYLE Auth API to initiate OAuth2/OpenID Connect authentication flows.

Mandatory

Value	Description
`Client ID`	The public identifier assigned by the Identity Provider to identify your application during the authentication process.
`Client Secret`	A confidential key used by SCYALE to securely authenticate with the Identity Provider.
`Base URL`	The base URL in an Identity Provider (IDP) configuration identifies the root address of the authorization server and ensures secure communication between your application and the IDP. For example, in Okta, the base URL is `https://{yourOktaOrg}`, which points to its built-in org authorization server. This URL is essential for enabling SSO and retrieving access tokens for Okta APIs.

Optional:

Value	Description
`isLogoutRedirectEnabled`	When enabled and `/logout/redirect` used, users are redirected to the IDP logout page (if supported) to manually log out and revoke token also externally. After successful logout, the `callbackUrl` is triggered. If disabled, logout and token revocation internally and externally are handled automatically before redirecting directly to the `callbackUrl`.
`isRevokingTokenEnabled`	Enables token revocation on the IDP side automcatically without redirect in case the `/logout` endpoint is used for logout (external token revocation only if supported by IDP). If disabled, only internal token revocation is performed.
`isValidationTokenEnabled`	Validates tokens with the IDP periodically every 5 minutes. If validation fails, a `401 Unauthorized` is returned and all tokens are revoked internally.
`referenceKey`	Optional mapping from a JWT claim (e.g., internal customer ID) to the customer object. Included in webhooks for event correlation. Still supported, but not required, as SCAYLE generates a unique `customer_id` and stores the `idp_id`.

External Documentation:

For detailed instructions on obtaining the required credentials, please refer to the official documentation or contact the support team of your chosen Identity Provider.

Provider	Documentation / Console
Google	Google Cloud Console
Apple	Apple Developer Account
Facebook	Facebook for Developers
Auth0	Auth0 Dashboard
Keycloak	Keycloak Docs – Clients
Klarna	Klarna Auth Docs
Okta	Okta Developer Console

Configure Identity Provider

This can be done in the SCAYLE Panel under Settings ➜ General ➜ Configuration ➜ Identity Provider.

Identity Providers are configured globally and can be used across all shops. For information on localizing language settings, please refer to the Customer Parameter Section in Single Sign-On Guide. which explains how to use additional localization functionalities.

Navigate to Identity Provider Section

Add a new Identity Provider

Select Available Identity Provider

Select Identity Provider out of List available Providers

Define Configuration Values

Define all specific configurations for selected Identity Provider

Please note that certain Identity Providers may require unique fields, which will be automatically populated according to SCAYLE’s internal requirements. For any questions, kindly contact your SCAYLE Account Manager.