Hey nwmac!

Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA.

Codecov Report

Merging #2928 into v2-master will decrease coverage by 0.02%.
The diff coverage is 60.71%.

@@              Coverage Diff              @@
##           v2-master    #2928      +/-   ##
=============================================
- Coverage      71.34%   71.32%   -0.03%     
=============================================
  Files            604      604              
  Lines          25868    25919      +51     
  Branches        5861     5870       +9     
=============================================
+ Hits           18455    18486      +31     
- Misses          7413     7433      +20

I just tried this locally. They should be asked to enter in the UI the cliendid and secret for the endpoint they are trying to add. And they should be given the redirect uri that needs to be set on that clientid e.g. https://localhost:4200/pp/v1/auth/sso_login_callback

Or I guess once you have client id and secret you could automatically add the necessary redirect_uri

@andrewghobrial When an endpoint is registered, the user/admin will specify the client id and secret - this PR: #2920 adds this into the UI.

I am just making a change, so that they will also have a check box to allow the UI to use SSO for the endpoint - when they check this, we will show a note to let them know that they must configure the client's redirect uri.

We'll only allow users to connect using SSO to endpoints that have been flagged as safe for SSO - i.e. where the admin/user who registered them checked the box to indicate that the redirect uri had been configured.

Does that make sense?