Integration · SSO
Currently supports OAuth + email · LDAP / AD / SAML / MFA on the roadmap
Connect Evose to your enterprise identity system. Currently OAuth + email run side by side; LDAP / AD / SAML / MFA are on the roadmap.
Current Support
| Method | Status | Best for |
|---|---|---|
| Email + password | ✓ | Default |
| OAuth 2.0 | ✓ | Most IDPs (Google / Feishu / DingTalk / self-hosted IDP) |
| LDAP / AD | Roadmap | Traditional enterprise IT |
| SAML 2.0 | Roadmap | Large enterprises / finance |
| MFA | Roadmap | Strict-compliance scenarios |
OAuth Setup
1 · Create an App in the IDP
Callback URL:
Record:
- Client ID
- Client Secret
- Authorization URL
- Token URL
- UserInfo URL
2 · Configure in Evose
[Org · Settings · Authentication] → Add OAuth IDP:
3 · User Field Mapping
4 · Restrict Email Domain
Set the allowed email domain (for example, evose.example.com) in Organization info; only users whose email address is in this domain can join.
5 · Test
Open a fresh browser, visit the login page → choose SSO → redirect to IDP → return to Evose.
Auto-Configure Department / Role
OAuth mapping can read custom fields (e.g. department / groups) and automatically:
- Assign the correct department
- Assign the correct role
Email and SSO Coexisting
Both can be enabled simultaneously, suitable for:
- External partners (use email)
- Internal employees (use SSO)
Troubleshooting
| Symptom | Check |
|---|---|
| `redirect_uri_mismatch` after redirect | IDP-configured callback URL matches Evose's actual domain |
| `invalid_scope` | IDP enabled `openid profile email` |
| Login OK but no department assigned | UserInfo actually returns the department field |
| Cannot pass MFA | Evose's MFA is on the roadmap; rely on IDP MFA for now |
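The first three checks in the table, together with the step 4 domain restriction, can be run as a pre-flight before the browser test. This is an added example, not Evose's own code: the dictionary keys, function names and the `department` field name are assumptions, `CALLBACK_PATH` is a placeholder for the real callback path, and all sample data is constructed.

```python
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "profile", "email"}  # scopes named in the table above

def redirect_uri_diff(registered, sent):
    """Name the URL components that differ; any difference can cause redirect_uri_mismatch."""
    a, b = urlsplit(registered), urlsplit(sent)
    parts = {"scheme": (a.scheme, b.scheme), "host": (a.netloc, b.netloc),
             "path": (a.path, b.path), "query": (a.query, b.query)}
    return [name for name, (x, y) in parts.items() if x != y]

def email_domain_allowed(email, allowed_domain):
    """Exact, case-insensitive match on the text after the last '@' (no suffix matching)."""
    local, sep, domain = email.strip().rpartition("@")
    return bool(local and sep) and domain.lower() == allowed_domain.lower()

def preflight(idp, userinfo, allowed_domain, dept_field="department"):
    """Return one finding per failed check; an empty list means all checks passed."""
    findings = []
    diff = redirect_uri_diff(idp["registered_callback"], idp["callback_sent"])
    if diff:
        findings.append("redirect_uri_mismatch: differs in " + ", ".join(diff))
    missing = REQUIRED_SCOPES - set(idp["enabled_scopes"].split())
    if missing:
        findings.append("invalid_scope: not enabled at IDP: " + " ".join(sorted(missing)))
    if not userinfo.get(dept_field):
        findings.append("no department: UserInfo lacks '" + dept_field + "'")
    email = userinfo.get("email", "")
    if not email_domain_allowed(email, allowed_domain):
        findings.append("email outside allowed domain: " + (email or "<none>"))
    return findings

# Constructed sample data. CALLBACK_PATH is a placeholder, not Evose's real path.
BAD_IDP = {"registered_callback": "http://evose.example.com/CALLBACK_PATH/",
           "callback_sent": "https://evose.example.com/CALLBACK_PATH",
           "enabled_scopes": "openid email"}
BAD_USERINFO = {"name": "Alice", "email": "alice@evose.example.com.other.test"}
GOOD_IDP = {"registered_callback": "https://evose.example.com/CALLBACK_PATH",
            "callback_sent": "https://evose.example.com/CALLBACK_PATH",
            "enabled_scopes": "openid profile email"}
GOOD_USERINFO = {"name": "Bob", "email": "Bob@Evose.Example.com", "department": "Finance"}

if __name__ == "__main__":
    for line in preflight(BAD_IDP, BAD_USERINFO, "evose.example.com"):
        print(line)
```

The domain check compares the whole domain rather than a suffix, so look-alike addresses such as `alice@evose.example.com.other.test` or `alice@notevose.example.com` are rejected.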