You might have hit a very common wall trying to access your Mentor Generated apps with a Member access user (IT-users / Dev).
This guide explains the two built-in authentication methods in your ODC Personal Edition, which role each plays in the normal usage of our PE and how to configure your apps to allow everyone to login.
ODC Personal Edition and Identity Providers
Personal Edition has 2 pre-built Identity Providers:
The way a user logs in depends on their role and the Identity Provider (IdP) being used.
Note: For applications generated via Mentor, the sample users are created in the Built-in Provider.
Understanding End-User Access for Organization
For users with Organization Member access within the ODC tenant, the process for accessing OutSystems applications is distinct from that of a standard end-user. For an Organization Member User, you need to log in to the app using single sign-on with your Outsystems Community account, rather than using your email address and password, as a regular end-user
In contrast, a regular end-user (one who does not have the Organization Member access type) authenticates using a more conventional method: their specific email address and a password that is typically managed within the application's user database or an integrated user store.
In summary:
IMPORTANT!! Attempting to log in as an Organization Member using the standard email and password method (as a Regular End-User would) will result in failure. The platform is specifically looking for the SSO flow tied to your Community Identity - and overcoming this is what we propose to address in this Post.
Now, what's the plan to sort this out?
This post presents a solution to overcome this roadblock by setting up an alternative login flow using the Built-in Community Identity provider.
Step 1: Add the Authentication system actions Public Elements to your App:
* Link for Documentation here.
Step 2: Adding the IdP Flow to Login screen
On the OnInitialize Client Action, fetch the configured Identity Providers in ODC Portal so that we have them listed in the login screen. For that, it will be used the GetExternalIdentityProviders:
Create a new local variable called ExternalIdentityProviders of ExternalIdentityProvider List type and assign it to the output of the GetExternalIdentityProviders client action:
Step 3: match those changes in the Login Screen UI
Add a List Element inside the created container, assign the ExternalIdentityProviders variable as source and add a button ButtonLoading as the image below shows (for the ButtonLoading isLoading property add the expression ExecutingLoginExtIdPKey = ExternalIdentityProviders.Current.Key, where ExecutingLoginExtIdPKey is a variable of type text):
Create a new Client Action for the Button On Click Event and name it LoginIdPOnClick
Add an Assign element:
ExecutingLoginExtIdPKey = ProviderKey
Place the GetExternalLoginURL and end the Flow with a Destination Node mapped for the RedirectToURL External Site.
Create an Exception Handler Flow, for all exceptions that may be raised during the execution of the action, add an assign element with the following mapping:
ExecutingLoginExtIdPKey = “”
Add a Message node with the error type and assign the Exception Handler output parameter as the message attribute:
Message = AllExceptions.ExceptionMessageThe final flow of the LoginIdPOnClick Client Action should look like this:
Step 4: Logout Flow
RedirectURL = GetOwnerURLPath()
The Client Logout Action should look like this:
This customized flow will allow our application to behave differently depending on the login method used by the end user.
Note: This practice works the same and is also valid for apps downloaded from Forge that do not have a defined Login flow for External Identity Providers.
Conclusion and Key Takeaways
Organization Member Users (IT Users/developers) in an ODC Personal Edition encounter a "login wall" when attempting to access applications created by a Mentor or installed from the Forge. This occurs because the system uses the default Identity Provider (IdP) for authentication instead of the Community Identity Provider, which is where these users are defined.
By implementing the steps presented above, your application will have implementation of an alternative login flow through the Community IdP, as shown in the screenshots listed below.
Thanks for sharing the details, @João Martins Ferreira
I’m facing a strange issue: I can invite end users to ODC PE, and they receive an email with a verification code and a “Get started” link. However, after entering the verification code, there is no option to set a password (Even though message says "You can now log in to those apps with these credentials." ) . If I remember correctly, there used to be a password-setup step.
When I return to the user list, the user shows as Active, but there is still no way to set a password.
Could you please advise if there is a workaround?
Hi Siya,
Thank you for raising this.
You are correct regarding the missing password step. Our Product Team is aware of this behavior, and a fix will be deployed soon.
Currently, there is no workaround to force the password setup for users stuck in this state. Once the fix is deployed, you will need to delete the affected users and create them again to trigger the correct flow.
Thanks for your patience!
Hi Siya, The fix was applied and you should be able to add users to your PE successfully.
Regards,
JF
Thank you very much. Its working.
I am in the same situation recently, but it is personal environment.
Is the fix also for the personal environment?
@Shingo Lam : Yes. It's fixed and works in Personal Environment.
oh great, thank you
Thanks for sharing this @João Martins Ferreira , I’ll try this out soon.
Thanks for sharing
Thanks for sharing @João Martins Ferreira
Joãoさん、情報共有本当にありがとうございます!参考にさせていただきます。
Thanks for sharing this!
Thanks for sharing!!
Hello,
Thank you very much for sharing the solution at “A Solution for the PE Login Wall: End-User Access to Apps in Personal Edition.”
This is really helpful and clarifies a frequent stumbling block for many of us using PE, the distinction between “Organization Member” login vs “regular end-user” login, and how the default authentication flow can block access. The step-by-step instructions to implement an alternative login flow using the Built-in Community Identity Provider are particularly valuable (including the necessary authentication actions, login/logout flows, and UI adjustments).
Your effort in making this clear and shareable is greatly appreciated, this will certainly make it much easier for others to configure their Personal Edition apps to support real end-user access.
Thanks again for taking the time to document and publish this solution.
Thank you for the positive feedback.
Regards
I greatly appreciate you for providing this solution regarding "A Solution for the PE Login Wall: End-User Access to Apps in Personal Edition." It's incredibly beneficial and helps to clarify a frequent misunderstanding that many of us encounter in PE—particularly the distinction between Organization Member login and standard end-user login, as well as why apps sometimes seem to be “blocked” due to default authentication.
Your explanation of the alternative login process utilizing the Built-in Community Identity Provider is very straightforward. The detailed guidance on authentication activities, the login/logout processes, and the changes in the user interface simplifies implementation in actual projects.
Thank you for taking the time to document and share this information. I am confident it will save many individuals time and prevent frustration when configuring Personal Edition apps for real end users.
Thanks once more for sharing this!
I wasn't aware this was an issue, but thanks for sharing.
Are there plans to just completely fix this by allowing Members to log in with their username and password, instead of having to implement this workaround?
Thank you for sharing. A helpful explanation of the ODC Personal Edition login challenge with a practical solution..
Thanks for sharing.
Thank you so much for sharing this information.
Thank you for sharing!
Thanks for sharing !
@João Ferreira Thanks for sharing