Setting up Bitrix24 integration with OAuth providers

Our company is engaged in the development, support and maintenance of Bitrix and Bitrix24 solutions of any complexity. From simple one-page sites to complex online stores, CRM systems with 1C and telephony integration. The experience of developers is confirmed by certificates from the vendor.
8+Years of work900+Completed projects100+In house employees19+Partners
Offered services
Showing 1 of 1 servicesAll 1626 services
Setting up Bitrix24 integration with OAuth providers
Simple
~1 business day
FAQ
Our competencies:
Development stages
Latest works
  • image_website-b2b-advance_0.png
    B2B ADVANCE company website development
    1173
  • image_bitrix-bitrix-24-1c_fixper_448_0.png
    Website development for FIXPER company
    811
  • image_bitrix-bitrix-24-1c_development_of_an_online_appointment_booking_widget_for_a_medical_center_594_0.webp
    Development based on Bitrix, Bitrix24, 1C for the company Development of an Online Appointment Booking Widget for a Medical Center
    564
  • image_bitrix-bitrix-24-1c_mirsanbel_458_0.webp
    Development based on 1C Enterprise for MIRSANBEL
    745
  • image_crm_dolbimby_434_0.webp
    Website development on CRM Bitrix24 for DOLBIMBY
    655
  • image_crm_technotorgcomplex_453_0.webp
    Development based on Bitrix24 for the company TECHNOTORGKOMPLEKS
    976
Show more works

Bitrix24 Integration with OAuth Providers Setup

Registration on corporate portal with login and password is a barrier. Employee forgets password, resets, forgets again. For portals with external users (clients, partners), problem is more acute: person doesn't want another account. Login via Google, Facebook or Apple ID reduces friction: user clicks button, confirms access — and they're in. In Bitrix24, this is handled by socialservices module.

socialservices Module

The socialservices module manages authentication via external OAuth providers. It comes in standard Bitrix24 delivery (both cloud and boxed). Module supports providers out of the box:

  • Google — OAuth 2.0 via Google Cloud Console
  • Facebook (Meta) — OAuth via Facebook for Developers
  • Apple — Sign in with Apple via Apple Developer Portal
  • Yandex, Mail.ru, VKontakte — for Russian-speaking audience
  • Microsoft Live — OAuth via Azure App Registration

Each provider is connected separately. For each, register application with provider and get Client ID and Client Secret.

Google OAuth Setup

Connecting via Google is most common scenario. Steps:

  1. In Google Cloud Console create project (or use existing).
  2. Enable Google+ API / People API.
  3. In Credentials section create OAuth 2.0 Client ID. Type: Web Application.
  4. Specify Authorized redirect URI: https://your-domain.bitrix24.by/bitrix/tools/oauth/google.php (for boxed) or appropriate cloud URL.
  5. Copy Client ID and Client Secret.
  6. In B24: Settings → Social Services → Google — paste Client ID and Client Secret, enable authentication.

After activation, "Login via Google" button appears on B24 login page. On first login, user is offered to link Google account with existing account or create new one.

Apple Sign-In Setup

Apple requires additional steps:

  • Register App ID and Services ID in Apple Developer Portal.
  • Generate Private Key for authentication (key used to create Client Secret — Apple doesn't issue static secret, secret generated as JWT).
  • Specify Return URL and Domain Verification — Apple verifies domain via DNS record.

Apple sends username only on first login. If data not saved first time — Apple won't provide it again. Must account for this in processing.

Token Handling and Security

During OAuth authorization, B24 receives access token and (optionally) refresh token from provider. Access token is used to request user profile (email, name, avatar). After getting profile, B24 creates session — further work via internal B24 authorization, OAuth token no longer used.

Security recommendations:

  • Limit list of providers — don't enable all. For corporate portal, Google and Microsoft enough.
  • Forbid account auto-creation — if portal is closed, new user via OAuth should not get access automatically. Configured in socialservices module.
  • Domain binding — allow OAuth login only for email from corporate domain (@company.com).

Account Linking

If user already has account in B24, on first OAuth login system offers to link accounts. After linking, user can login both via login/password and via provider. One user can bind multiple providers simultaneously.

Managing bindings — in user profile: Profile → Social Network Binding.

What We Configure

  • Register OAuth applications at providers (Google, Facebook, Apple)
  • Connect socialservices module and enter Client ID / Client Secret
  • Configure redirect URI and domain verification
  • Policy for account auto-creation and binding to existing users
  • Restrict OAuth login by email domain
  • Test authentication flow for each provider
1C Bitrix presentation1C Bitrix24 presentation1C Enterprise presentation