Overview
Add OAuth providers so users can sign in with Google, GitHub, and other identity providers.
Hanzo IAM can use external OAuth applications as sign-in methods. After adding a provider, its icon appears on the login and sign-up pages. Supported OAuth providers:
| Provider | Logo | Provider | Logo | Provider | Logo | Provider | Logo |
|---|---|---|---|---|---|---|---|
| ADFS |  | Alipay |  | Amazon |  | Apple |  |
| Auth0 |  | Azure AD |  | Azure AD B2C |  | Baidu |  |
| Bilibili |  | Bitbucket |  | Box |  | Hanzo IAM |  |
| Cloud Foundry |  | Dailymotion |  | Deezer |  | DigitalOcean |  |
| DingTalk |  | Discord |  | Tiktok |  | Dropbox |  |
| Eve Online |  |  | Fitbit |  | Gitea |  | |
| Gitee |  | GitHub |  | GitLab |  |  | |
| Heroku |  | InfluxCloud |  | Infoflow |  |  | |
| Intercom |  | Kakao |  | Lark |  | Lastfm |  |
| Line |  |  | Mailru |  | Meetup |  | |
| Microsoft |  | Naver |  | Nextcloud |  | Okta |  |
| OneDrive |  | Oura |  | Patreon |  | PayPal |  |
 | Salesforce |  | Shopify |  | Slack |  | |
| SoundCloud |  | Spotify |  | Steam |  | Strava |  |
| Stripe |  | Telegram |  | TikTok |  | Tumblr |  |
| Twitch |  |  | Typetalk |  | Uber |  | |
| VK |  |  | WeCom |  |  | ||
| WePay |  | Xero |  | Yahoo |  | Yammer |  |
| Yandex |  | Zoom |  |  | SMS |  | |
| Battle.net |  |
Registering with a third-party OAuth service
You need a redirect URL (your app’s URL after login, e.g. https://github.com/hanzoai/iam/), scopes (what you request from the user), and Client ID / Client Secret from the provider. Keep the client secret private.
Adding an OAuth provider in Hanzo IAM
- Open Providers in the sidebar and click Add.
- Set Category to OAuth and choose the Type (e.g. Google, GitHub).
- Enter Client ID and Client Secret from the provider’s developer console.
User field mapping
Use User mapping to map OAuth claims (e.g. from Okta, Azure AD) to Hanzo IAM user fields.
Automatic account linking
Hanzo IAM can link OAuth logins to existing users by OAuth identity, email/phone (if enabled), or username (case-insensitive). That lets you add OAuth without manual linking.
Using the provider’s access token
After OAuth sign-in, Hanzo IAM stores the provider’s access token on the user. Your app can read it via /api/get-account and call the provider’s API (e.g. GitHub, Google Drive) on behalf of the user. Only the user and org admins can see the token. See OAuth docs.
Attaching the provider to an application
- Open Applications, edit the application.
- Add the provider and set its rules (e.g. enable for login, signup, unbind).
- Save.
How is this guide?
Last updated on