Single Sign-On (SSO) Authentication with Google

Introduction

In this article, you'll learn how to set up Single Sign-On (SSO) authentication with Custom Google Domain. The SSO can be implemented for both the Members and the Admin Portals.

Contents

Keep in mind that when you activate an SSO authentication, the following OfficeRnD Flex authentication services are disabled:
  • The standard login with an OfficeRnD Flex user and password
  • The "Reset password" links in OfficeRnD Flex
  • The token for authentication that employees receive when invited to the Members Portal. 

Members Portal SSO

  1. Navigate to https://console.developers.google.com/?pli=1

  2. Click Create Project and enter the project details - Name, Organization, and Location.

  3. Click Create.

    SSO_New_project.png

  4. Navigate to the OAuth consent screen and choose how you want to configure and register your app, including your target users.
  5. Start by choosing the User Type as External or Internal and click Create.

    SSO_User_Type.png
  6. Set the Application Name to OfficeRnD Flex and complete the configuration.

  7. Navigate to Credentials and click Create Credentials. Choose OAuth client ID from the menu.

    SSO_Create_credentials.png

  8. Select Application Type: Web application and set a Name

    SSO_Create_oauth.png

  9. Open your OfficeRnD Flex account in a separate browser tab.
  10. Navigate to Settings/Integrations.
  11. Expand Authentication, head to SSO Authentication, and click Activate. After activation, click Configure.

    SSO_Members_authentication.png
  12. Copy the Return URL and go back to the Redirections page in the Google Cloud Platform.

    Edit_Auth_Integration.png
  13. Find the Authorized redirect URIs section and click Add URI. Paste the Return URL you copied in Step 12 and click Create.

    Auth_direct_url.png

  14. A confirmation window pops up with the Client ID and Client Secret.

    IDs.png

    • Copy the Client ID and navigate to the OfficeRnD Flex SSO configuration window. Paste the value in the Client ID field. 
    • Copy the Client Secret and navigate to the OfficeRnD Flex SSO configuration window. Paste the value in the Client Secret field.

      Edit_Auth_Integration_IDs.png
  15. Next, we need to set the Discovery URL on the OfficeRnD Flex side, in the SSO Authentication configuration. You can follow this article to get the Discovery URL, or you can copy the URL below and enter it in the Discovery URL field:

    https://accounts.google.com/.well-known/openid-configuration

  16. Enable Automatic Account Activation - With this setting enabled, employees that already exist in OfficeRnD Flex will be allowed to log into the Portals without needing to be explicitly invited.

    Automatic_acc.png
    If this setting is disabled, employees without prior access to the Portals will need to have it Enabled by an administrator.
  17. Click Update.

Admin Portal SSO

After you have configured the Members Portal SSO, you can add your Admin Portal SSO as well.

  1. Head to Settings/Integrations/Authentication.
  2. Find Admins SSO Authentication and click Activate. Next, click Configure.

    Admins_SSO_auth.png
  3. Copy the Return URL.

    Rtrn_URL.png
  4. Open your newly created project in Google and switch to the Credentials section.
  5. Open the OAuth 2.0 Client IDs section by clicking on your project's name.

    ClientIDs.png
  6. Under the Authorized Redirect URIs click Add URL.
  7. Paste the copied Return URL and save the changes.

    url_1_2.png
  8. In OfficeRnD Flex, enter the Client ID, Client Secret, and Discovery URL. You may have obtained these while setting up SSO for Web Portals (Steps 14 and 15). They also appear when entering an Authorized Redirect URL for the first time.
Was this article helpful?
0 out of 0 found this helpful
Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.