Skip to content

Google Configuration

Google provides an OAuth 2 and OpenID Connect APIs to allow customers to use their Google identity for authentication. This does require some configuration on the Google side as well as configuring SIFF.

Start SIFF Configuration

First begin by editing the organization within SIFF and selecting Google as the provider type. The dialog will update with some additional fields as shown below. For now do not worry about the Provider ID or Provider Secret, these will be provided once the Google configuration is completed.

EditOrgExternalAuthGoogle

Keep this open for now, continue below with a new browser tab/window.

Setup Google

Now we'll need to configure the Google side. Refer to Google's OpenID Connect documentation for complete details however the following steps should guide through the necessary configuration. These steps must be performed by a google user with appropriate administrator privileges.

  1. Launch the Google API Console. This will take you to the Google Cloud Platform -> API & Services dashboard.
  2. Create a new project for SIFF authentication using the Create Project button. Call the project "SIFF" and make sure to select the correct Organization (possibly only one, but if your company has multiple managed domains there will be more than one option).
  3. Configure the OAuth consent screen. When SIFF redirects to Google for authentication the consent screen is shown so that users are aware.
    1. User Type: select Internal and then Create
    2. OAuth consent screen (step 1):
      1. App name: SIFF
      2. User support email: contact within your organization regarding SIFF
      3. App logo: leave blank
      4. Application home page: https://siff.io
      5. Application privacy policy: http://docs.siff.io/legal/privacy/
      6. Application terms of service: http://docs.siff.io/legal/terms/
      7. Authorized domains: siff.io
      8. Developer contact: contact within your organization regarding SIFF
      9. Save and Continue
    3. Scopes (step 2):
      1. Add the following scopes:
        • /auth/userinfo.email
        • /auth/userinfo.profile
        • openid
      2. Save and Continue
    4. Summary (step 3) - continue back to the dashboard
  4. Setup credentials. On the Credentials page, click the Create Credentials button and select OAuth client ID
    1. Application type: Web application
    2. Name: SIFF
    3. Authorized redirect URIs: copy and paste the Login Redirect URL from the External Auth tab in the SIFF Edit Organization dialog
    4. Click the Create button. This will pop up a dialog showing Your Client ID and Your Client Secret. These will be needed to complete the SIFF side of the configuration.

Complete SIFF Configuration

Switch back to the SIFF Edit Organization dialog:

  1. Copy the Your Client ID into the Provider ID field.
  2. Copy the Your Client Secret into the Provider Secret field.
  3. Save Organization to save and close the dialog.

With the configuration complete refer to the External Auth - Configuring Users section to switch/invite users to use the external authentication provider and test it out.