Google Provider

Activating Single Sign-On (SSO) allows users on Agile.Now platform to log in using their Google credentials, streamlining the login process and enhancing security.
With Google configured, you'll provide a seamless login experience for users and maintain organizational structure within your Agile.Now environment.

The configuration flow consists of two parts: on Google side and on Agile.Now side.

Configuring on Google platform

To configure Google for SSO, including synchronization of user groups, follow these steps.

Register a Project in Google

Register a project in Google. For general guidance, refer to Create a Google Cloud project

Create Credentials

To enable OAuth 2.0 authentication using the client credentials grant type create credentials (see more here Get your Google API client ID)

• Go to APIs & Services
• From the menu go to Credentials
• Click Create Credentials
• Choose Credentials type, e.g. OAuth Client ID
  
• Choose Application type, e.g. Web Application
  
• Click Create

A client application requests access to a protected resource. Below are next configuration steps with more details that will help you to apply the client credentials grant type.

Client ID and Secret

Copy Client ID and Client Secret. You'll need them further to link the client to the web service and configure request authentication.

Redirect URL

These URL can be obtained from the Agile.Now platform when creating a new provider. E.g. see below

Configure groups API

To allow the client to access user groups information, the Groups API should be enabled

• Go to APIs & Services
• Go to Enabled APIs and services
• Click Enable APIs and services
• Find Admin SDK API
• Click Enable
  

Configure claims

The predefined set of claims can be seen in discovery metadata. The metadata URL is https://accounts.google.com/.well-known/openid-configuration.
See Claims Mapping below to map these claims to Agile.Now claims
Browse to this URL and find the claims in claims_supported section.
Adding custom claims is not supported on Google.

Configure Users

Users can sign-in with Google using their internal credentials created by the administrator on the organisation level. You can manage internal users and groups in Directory -> Users, Groups etc. on admin console.
Additionally, external users can sign-in with their public credentials - Google email and password. To enable it

• Go to APIs & Services -> OAuth consent screen
• Make sure User Type is External
• If the application is not yet pubilshed and in Testing status, only external users added to the Test users list are allowed to sign-in
• After the application is verified and published, every external user will be able to sign-in.

See more on application verification here OAuth App Verification

Configuring SSO with Google on Agile.Now

You are now ready to integrate Google provider with the Agile.Now Platform.
Follow the steps in Configuring SSO in Agile.Now