- 10 Aug 2024
- 2 Minutes to read
- Print
- DarkLight
Google Provider
- Updated on 10 Aug 2024
- 2 Minutes to read
- Print
- DarkLight
Activating Single Sign-On (SSO) allows users on Agile.Now platform to log in using their Google credentials, streamlining the login process and enhancing security.
With Google configured, you'll provide a seamless login experience for users and maintain organizational structure within your Agile.Now environment.
The configuration flow consists of two parts: on Google side and on Agile.Now side.
Configuring on Google platform
To configure Google for SSO, including synchronization of user groups, follow these steps.
Register a Project in Google
Register a project in Google. For general guidance, refer to Create a Google Cloud project
Create Credentials
To enable OAuth 2.0 authentication using the client credentials grant type create credentials (see more here Get your Google API client ID)
- Go to APIs & Services
- From the menu go to Credentials
- Click Create Credentials
- Choose Credentials type, e.g. OAuth Client ID
- Choose Application type, e.g. Web Application
- Click Create
A client application requests access to a protected resource. Below are next configuration steps with more details that will help you to apply the client credentials grant type.
Client ID and Secret
Copy Client ID and Client Secret. You'll need them further to link the client to the web service and configure request authentication.
Redirect URL
These URL can be obtained from the Agile.Now platform when creating a new provider. E.g. see below
Configure groups API
To allow the client to access user groups information, the Groups API should be enabled
- Go to APIs & Services
- Go to Enabled APIs and services
- Click Enable APIs and services
- Find Admin SDK API
- Click Enable
Configure claims
The predefined set of claims can be seen in discovery metadata. The metadata URL is https://accounts.google.com/.well-known/openid-configuration.
See Claims Mapping below to map these claims to Agile.Now claims
Browse to this URL and find the claims in claims_supported section.
Adding custom claims is not supported on Google.
Configure Users
Users can sign-in with Google using their internal credentials created by the administrator on the organisation level. You can manage internal users and groups in Directory -> Users, Groups etc. on admin console.
Additionally, external users can sign-in with their public credentials - Google email and password. To enable it
- Go to APIs & Services -> OAuth consent screen
- Make sure User Type is External
- If the application is not yet pubilshed and in Testing status, only external users added to the Test users list are allowed to sign-in
- After the application is verified and published, every external user will be able to sign-in.
See more on application verification here OAuth App Verification
Configuring SSO with Google on Agile.Now
You are now ready to integrate Google provider with the Agile.Now Platform.
Follow the steps in Configuring SSO in Agile.Now