Logins – Unidy Documentation

In the Logins section the administrator can set up everything regarding login experience of end users. This section is divided in three categories: login feature flags, social login configuration and expiry times and blocking times of links.

Login feature flag

Relevant setting and description

Relevant setting	Description
Manual login	This feature enables login and registration using email and password. If this setting is disabled the user are only able to login or register using alternative methods.
Magic link	A magic link is a secure, one-time-use URL sent to a user's email address that allows them to log in to an application or service without needing to enter a password. When the user clicks the magic link, they are automatically authenticated and granted access to their account. This method enhances security by eliminating the risks associated with password management, such as weak passwords or password reuse, and provides a convenient, user-friendly login experience.
Connect brand	Only applicable if you are using multi-brand feature. If enabled, users are explicitly asked, if they want to connect an account from a different sub-brand with a current brand.
Wallet Connect Coming Soon	This feature is not available yet, but can already be promoted as “coming soon” within the login screen.

Social logins configuration

Social logins offer several benefits, enhancing both security and user experience. By allowing users to log in with their existing social media accounts, you can reduce the friction of account creation and login processes. This leads to higher user engagement and conversion rates, as users are more likely to sign up and return when they don't have to remember yet another password. Social logins also improve security, leveraging the robust authentication measures of major social platforms. Additionally, you gain access to rich user data, enabling personalized experiences and more targeted marketing efforts. The most common social logins are Google, Facebook, Apple, LinkedIn. It is also possible to use and setup custom brand logins the same way as social logins (see MEINSTPAULI example in screenshot).

Besides credentials you can also change the look of your social logins. To change position, just change the number in Position field. To change the button layout you can choose from 3 options:

Full: the button will claim the whole width

Social login buttons on the login screen in full width

Flexible: the button will share space with the another flexible or icon button

Social login buttons on the login screen in flexible mode

Icon: the button will have only the icon

Social login buttons on the login screen as icons

How to set up social logins

To enable social login functionality in an Unidy instance, tenants must follow a series of steps to integrate the desired social login provider. While the exact steps may vary depending on the provider, the core process remains consistent. This involves creating an application on the provider's developer platform, obtaining a client ID and secret key, configuring the redirect URL, and inputting these credentials into Unidy's environment variables.

How to set up Facebook login

1. Go to Facebook developer page and log in with your facebook account.

2. Click on Create App on the upper right.

3. Type in the App name and a App contact email.

4. In the next step choose Authenticate and request data from users with Facebook Login. Afterwards click Next.

5. Add your business portfolio and finalize the app creation

6. Choose the app from the list, go to the App settings → Basic. Here you can find App Id and App Secret for your Unidy instance setup. Fill out all the necessary fields as can be seen in the pictures below.

7. Go to Facebook Login for Business → Settings → Client OAuth settings and fill out Valid OAuth redirect URIs field to whitelist your URIs as can be seen in the pictures below. Don’t forget to adapt the URLs to match your Unidy or custom domain.

❗

Please also click on App mode -> Live on top of the page

8. Navigate to your Unidy instance and go to Admin → Settings → Logins → Social Login Configuration → Facebook. Enter your App ID in the Client ID field and your App Secret in the Secret field. You can also customize the button width and position as needed. Finally, ensure that Facebook Login is enabled by selecting the Enabled checkbox. Don’t forget to click on Save button below to save your changes.

How to set up Google login

1. Log in into your Google account.

2. Go to the Google Cloud Platform https://console.cloud.google.com/ and click on the project select in the top left corner.

2. Click New project.

3. Fill in the Project name and Location and click Create.

4. Choose created project from your project list.

5. Choose the OAuth consent screen from the menu.

6. Begin by selecting Get started.

7. Fill all the fields with necessary information and click Finish when you are done.

❗

Choose External for Audience type

8. Click Create OAuth client in your created OAuth App.

9. Choose Web application in the Application type field select and add your OAuth client name which will be shown to the users. Click Create when you finished.

10. Add Redirect URIs for your OAuth App and click Save.

❗

Redirect URI usually looks like this: https://brand.unidy.de/users/auth/google_oauth2/callback. For a Multibrand just add multiple URLs. Don’t forget to adapt the URLs to match your Unidy or custom domain.

11. Navigate to your Unidy instance and go to Admin → Settings → Logins → Social Login Configuration → Google. Enter your Client ID and your Client Secret from Google Cloud. These can be found in the OAuth settings in the previous step. You can also customize the button width and position as needed. Finally, ensure that Google Login is enabled by selecting the Enabled checkbox. Don’t forget to click on Save button below to save your changes.

How to set up Apple login

❗

To set up Apple login an Apple developer account is required. To configure Apple login please follow this guide.

Required information from Unidy

Domain:

tenant.unidy.de

tenant.staging.unidy.de

Return URL:

https://tenant.unidy.de/users/auth/apple/callback

https://tenant.staging.unidy.de/users/auth/apple/callback

Required information from Apple Developer Account

Navigate to your Unidy instance and go to Admin → Settings → Logins → Social Login Configuration → Apple ID and fill in the following fields. Don’t forget to click on Save button below to save your changes.

Private Key

Team-ID (same as App ID)

Key-ID

Client-ID = Team-ID (same as Services ID)

❗

Apple has strict requirements on the button design and the button text: https://appleid.apple.com/signinwithapple/button. Textual changes can be made by your CSM manager at Unidy.

How to set up LinkedIn login

LinkedIn requires a few extra steps, because all the apps have to be linked and verified by the company.

Setting up a Company

❗

Skip this if a Company already exists.

Go to https://www.linkedin.com/company/setup/new/

Type in the required infos.

After confirming the company is set up.

Setting up the App

Go to https://www.linkedin.com/developers/apps and click on Create app on the top right.

Enter the App data and confirm.

After the App is created an admin of the previously created company has to verify this application.

For this click on the Verify button that is shown in the Settings section of the app.

This will bring up a modal with a Generate URL button.

After clicking the Generate URL button it shows a link that has to be passed on to an admin that is able to verify it.

Verifying the app

Once the admin clicked on the verification link the following screen will be shown.

After clicking on Verify the application is verified.

Getting the ID and Secret

Now that the app is verified return to the App and visit the Auth section.

Here you will find Client ID and Client Secret at the very top.

Activating the sign-in feature

Go to the Products tab and select the Sign in with Linkedin product.

In the modal click on Add product

Your request will now be reviewed by LinkedIn and then added to your app. This should only take a couple of moments.

If everything is fine, it should be moved to the Added products section on the same page.

Adding authorized redirects

Return to the Auth tab and scroll down to the Oauth 2.0 settings.

Click on the edit icon and than + Add redirect URL

Paste your Redirect Url in the field and press Update.

❗

Redirect url should look like this: http://<your unidy base url>/users/auth/linkedin/callback

How to set up Discord login

Required Information from Unidy

Client ID

Client Secret

How to create Discord SSO

Create a new application by clicking on New Application.

Name the app, add a brief description and save the contents by clicking on Save Changes.

Add the link of the corresponding service Terms of Services as well as the Privacy Policy and save changes.

Open tab OAuth2 and store the following link as a Redirect URI and save the content with by clicking on Save Change. Production: https://brand.unidy.de/users/auth/discord/callback Staging: https://brand.staging.unidy.de/users/auth/discord/callback

Copy the Client ID & Client Secret and paste them into the corresponding fields in Unidy settings. Then save the changes in Unidy.

How to set up Brand Social Login (via OIDC)

Can be used to add all Identity Providers (IdPs) that offer OIDC protocol, which includes Unidy. This allows to log in to Unidy IDs with other Unidy IDs (e.g. log in to HSV ID with FCSP ID account)

Adding OIDC IdPs as social login

Go to admin/settings

Scroll down to Openid Connect

Enter a meaningful name. This will be used later as display name on the Social Login button.

Check IdP for available scopes and add them

Enter client ID/App ID and Secret. This information is provided by IdP.

Enter Redirect-URI

URI that will be called after successful login at IdP

Should be https://brand.unidy.de/users/auth/openid_connect/callback

Must be equal to Redirect-URI given in OAuth application of IdP

Enter Issuer (host)

URL of IdP

Adding other Unidy IDs as social login

Create OAuth application in Unidy ID that you’d like to provide as social login

As redirect URI add https://brand.unidy.de/users/auth/openid_connect/callback

As scopes add openid profile email address phone

Follow steps above

URL of the Unidy ID that is used as social login looks like this: e.g. https://brand.unidy.de

Expiry times of links and blocking times until links are requested again by email

This feature provides enhanced security and control over transactional links by allowing admins to set expiry times and implement blocking periods. Admins can specify an expiry time, after which the link becomes invalid and cannot be accessed. Additionally, admins can set a blocking period, restricting the link from being requested again via email for a specified duration after it has been sent. This ensures that the link is accessible only for a limited time and reduces the risk of unauthorized access. Time can be customized based on your security requirements, from 15 seconds to 1 year depending on the setting.