Ultimate SSO - OAuth Plugin for RISE CRM

Comprehensive OAuth Single Sign-On plugin for Rise CRM with support for Google, Microsoft, Apple, Facebook, GitHub, and Envato. Streamline authentication with automatic account creation and attendance management.

Buy Now on CodeCanyon View Demo Documentation
🔐
OAuth Single Sign-On
6 Providers Supported
The Smart Choice

Why Teams Choose Ultimate SSO

Multi-Provider Support

Support for 6 major OAuth providers including Google, Microsoft, Apple, Facebook, GitHub, and Envato—all in one plugin.

🔒 Security First

Built with CSRF protection, state verification, and secure token handling to ensure your users' data is always protected.

Zero Code Edits

Plug-and-play with RISE CRM; install, configure your OAuth providers, and you're ready to go—no developer required.

👥 Flexible User Management

Support for both team members and clients with automatic account creation and optional attendance clock-in integration.

Try It Now

See Ultimate SSO in Action

Explore a Live Demo

  • Test all 6 OAuth providers
  • Experience seamless authentication flow
  • See automatic profile creation
  • View attendance integration
  • Test theme-aware UI
Launch Live Demo
🚀
Live Demo Available
Results

The Benefits You'll See

🎯

Faster Sign-ins

Users authenticate in seconds with their existing accounts

🔑

Better Security

Leverage enterprise-grade OAuth security from trusted providers

👨‍💼

Improved UX

Theme-aware UI that matches your RISE CRM installation

⏱️

Time Savings

Auto clock-in and account creation reduce administrative overhead

Capabilities

Complete Feature Set

🔐

Multi-Provider Support

Google, Microsoft, Apple, Facebook, GitHub, and Envato OAuth integration

👥

Flexible User Management

Support for both team members and clients with configurable permissions

Auto Account Creation

Automatic client account creation for new OAuth users

Attendance Integration

Auto clock-in for team members when enabled in settings

🎨

Theme-Aware UI

Adapts to Rise CRM theme colors and dark mode preferences

🔒

Security First

CSRF protection, state verification, and secure token handling

⚙️

Easy Configuration

Simple setup with copy-to-clipboard redirect URIs

🌍

Language Support

Full internationalization support for all features

Process

How It Works

1

Install & Activate

Upload the plugin to /plugins/UltimateSSO/ and activate it from Settings > Plugins in your RISE CRM admin panel.

2

Configure Providers

Set up OAuth credentials for your desired providers in Settings > Integrations > Ultimate SSO. Copy redirect URIs with one click.

3

Start Authenticating

Users can now sign in with their preferred OAuth provider. New client accounts are created automatically if enabled.

OAuth Providers

Supported Authentication Providers

Google OAuth

OpenID Connect protocol with email, name, and profile picture retrieval

Microsoft OAuth

Azure Active Directory integration for personal and organizational accounts

Apple OAuth

Privacy-focused Sign In with Apple using JWT token validation

Facebook OAuth

Access to Facebook profile and email through Graph API

GitHub OAuth

GitHub profile authentication with verified email retrieval

Envato OAuth

Envato Market user authentication with purchase history access

Comparison

Ultimate SSO vs Traditional Authentication

Feature Ultimate SSO Traditional Auth
Multiple OAuth Providers
No Password Required
Auto Account Creation
Attendance Integration
Theme-Aware UI Partial
Security (CSRF, State Verification) Basic
Questions

Frequently Asked Questions

Ultimate SSO supports 6 major OAuth providers: Google, Microsoft (Azure AD), Apple, Facebook, GitHub, and Envato. Each provider can be individually enabled or disabled in the plugin settings.
Yes! The plugin supports OAuth authentication for both team members and clients. You can configure separate permissions for each user type, including automatic account creation for new clients and attendance clock-in for team members.
No, Ultimate SSO is a complete plugin that doesn't require any modifications to RISE CRM core files. It integrates seamlessly with the existing authentication system through RISE CRM's plugin architecture.
When enabled, team members are automatically clocked in when they sign in through OAuth. This feature requires the RISE CRM attendance module to be active. You can enable or disable this feature in the plugin settings.
Absolutely! Each OAuth provider can be individually enabled or disabled. You only need to configure the providers you want to use, and only those will appear on your login pages.
Yes! Ultimate SSO implements industry-standard security measures including CSRF protection, OAuth state verification, secure token handling, and follows OAuth 2.0 best practices. All authentication flows are encrypted and validated.
OAuth Provider Setup

Complete Setup Guides

Detailed step-by-step instructions for configuring each OAuth provider. Select a provider below to view its setup guide.

Google OAuth Setup

Standard OAuth 2.0 integration for Google accounts

How it works: Google OAuth uses the OpenID Connect protocol to authenticate users and retrieve their profile information including email, name, and profile picture.

Setup Steps:

  1. Go to Google Cloud Console
  2. Create a new project or select existing
  3. Enable Google+ API (or Google People API)
  4. Navigate to Credentials > Create Credentials > OAuth 2.0 Client IDs
  5. Set application type to "Web application"
  6. Add the redirect URI from Ultimate SSO settings
  7. Copy Client ID and Client Secret to Ultimate SSO settings

OAuth Flow:

Authorization URL: https://accounts.google.com/o/oauth2/auth

Token URL: https://oauth2.googleapis.com/token

Profile URL: https://www.googleapis.com/oauth2/v2/userinfo

Required Scopes: openid, email, profile

Profile Data:

User ID, Email address, Full name, First/last name, Profile picture URL

Microsoft OAuth Setup

Azure Active Directory integration for personal and organizational accounts

How it works: Microsoft OAuth integrates with Azure Active Directory to authenticate both personal Microsoft accounts and organizational accounts.

Setup Steps:

  1. Go to Azure Portal
  2. Navigate to Azure Active Directory > App registrations
  3. Click "New registration"
  4. Copy Directory (tenant) ID and Application (client) ID
  5. Go to "Certificates & secrets" > Create new client secret
  6. Copy the secret value to Ultimate SSO settings

Profile Data:

User ID, Email address, Display name, Given name, Surname

Apple OAuth Setup Detailed

Privacy-focused authentication with JWT validation and email relay

How it works: Apple's Sign In with Apple provides privacy-focused authentication with optional email relay service and requires JWT token validation.

Key Steps:

  1. Go to Apple Developer Portal
  2. Create an App ID with "Sign In with Apple" capability
  3. Create a Services ID for web authentication
  4. Configure redirect URLs in Services ID settings
  5. Create a Private Key (.p8 file) - downloadable only once!
  6. Note your Team ID and Key ID
  7. Configure all IDs and the private key in Ultimate SSO settings

Important Notes:

✓ HTTPS Required in production

✓ Custom redirect URI supports ngrok/staging environments

✓ Private key (.p8) can only be downloaded once from Apple

Facebook OAuth Setup

Graph API integration for social authentication

How it works: Facebook OAuth provides access to user's basic profile information and email through Facebook's Graph API.

Setup Steps:

  1. Go to Facebook Developers
  2. Create a new app or select existing
  3. Add "Facebook Login" product
  4. Configure Valid OAuth Redirect URIs
  5. Copy App ID and App Secret to Ultimate SSO settings

Profile Data:

User ID, Email address, Full name, Profile picture URL

GitHub OAuth Setup

Developer authentication with User-Agent requirements

How it works: GitHub OAuth authenticates developers and provides access to their profile. GitHub requires a User-Agent header for all API requests.

Setup Steps:

  1. Go to GitHub Developer Settings
  2. Create a new OAuth App
  3. Set Homepage URL and Authorization callback URL
  4. Copy Client ID and Client Secret to Ultimate SSO settings

Special Requirements:

✓ User-Agent header required for all API requests

✓ Email may require separate /user/emails endpoint call

Envato OAuth Setup

Marketplace authentication for Envato users and authors

How it works: Envato OAuth provides authentication for Envato Market users and access to their account information, purchase history, and marketplace activity.

Setup Steps:

  1. Go to Envato API
  2. Create a new application
  3. Configure App name, URL, and Redirect URL
  4. Select required scopes (view account details, username)
  5. Copy Client ID and Client Secret to Ultimate SSO settings

Available Scopes:

✓ view_user_username - Access to username

✓ view_user_account - Access to account details

✓ view_user_purchases - Access to purchase history

✓ download_user_purchases - Access to purchase downloads

Need Help?

Our support team is ready to assist with any questions about OAuth provider setup or configuration. We typically respond within 24 hours.

Contact Support →
Updates

Changelog

Version 1.0.0
Initial Release - February 2026
  • Support for Google, Microsoft, Apple, Facebook, GitHub, and Envato OAuth
  • Team member and client authentication
  • Auto account creation for new users
  • Attendance integration with auto clock-in
  • Theme-aware UI with dark mode support
  • CSRF protection and secure token handling
  • Copy-to-clipboard redirect URIs
  • Full internationalization support
  • Comprehensive error handling and logging