SSO Configuration - Google Identity Platform
This guide will walk you through integrating Single Sign-On (SSO) with Google Identity Platform (GIP) using OpenID Connect (OIDC) to enable your users to access InfoSum using their Google credentials. With this setup, user authentication will be managed securely by Google’s identity provider, streamlining your access management process.
To complete the integration, you will:
- Register your application with Google Cloud.
- Configure authentication settings.
- Retrieve key credentials (Client ID, Client Secret, and OIDC Discovery URI).
At the end of this guide, you’ll also find troubleshooting tips for common integration challenges.
Note: Make sure you have administrative access to Google Cloud to register an app. If you’re unfamiliar with app registration, you can refer to Google's OpenID Connect documentation.
Step-by-Step Guide
Step 1: Register a New Application in Google Cloud
- Log in to Google Cloud Platform: Start by logging into the Google Cloud Platform
-
Select or Create a Project:
-
Option 1: Select an existing project
- Click the “Select a Project” drop-down at the top of the page, next to the search bar.
-
Option 2: Create a new project
- Open the project selector in the top left.
- Click New Project, then enter a Project Name, select an organization or folder (if applicable), and click Create.
-
Option 1: Select an existing project
Step 2: Configure OAuth Consent Screen
-
Navigate to OAuth Consent Screen in Google Cloud Console:
- Go to APIs & Services > OAuth Consent Screen.
-
Set the Application Type:
- Choose External or Internal based on your needs.
-
Fill in Required Fields:
- Enter the Application Name and Support Email.
- Add infosum.com under Authorized domains.
- Save and proceed.
Step 3: Configure OAuth 2.0 Client ID and Secret
-
Go to Credentials:
- In Google Cloud Console, navigate to APIs & Services > Credentials.
-
Create OAuth Client ID:
- Click + CREATE CREDENTIALS > OAuth Client ID.
- Choose Web Application as the application type.
-
Enter Redirect URI:
-
Under Authorized Redirect URIs, enter the redirect URL provided by InfoSum.
- Format: https://accounts.infosum.com/authorization-code/callback/{customername-IDPType}
- Example: https://accounts.infosum.com/authorization-code/callback/infosum-google
-
Under Authorized Redirect URIs, enter the redirect URL provided by InfoSum.
-
Generate Client ID and Client Secret:
- Click Create to generate the Client ID and Client Secret.
- Save these values securely.
Step 4: Retrieve the Required Credentials
- Client ID: The public identifier for your app. Find it in the Overview page of your registered app.
- Client Secret: Use the client secret generated in Step 3.
- OIDC Discovery URI: https://accounts.google.com/.well-known/openid-configuration
Provide Information to InfoSum
After completing the above steps, share the following information with InfoSum:
- Client ID: The public identifier for your app.
- Client Secret: A confidential value used to authenticate your app.
- OIDC Discovery URI: https://accounts.google.com/.well-known/openid-configuration
Once InfoSum completes the setup, you can test your login by using the direct login URL:
- Format: https://accounts.infosum.com/login/{customername-IDPType}
- Example: https://accounts.infosum.com/login/infosum-google
Alternatively, you can use the "Sign in with Private SSO" option at the bottom of the InfoSum login screen. This will direct you to the Google login portal after you enter your email address.
Common Issues and Troubleshooting
-
Invalid Redirect URI
- Ensure the redirect URL in your Google OAuth configuration matches exactly with the URL provided by Infosum.
-
Consent Screen Errors
- If using an Internal app, only users from the same Google Workspace can access the app.
- For External apps, ensure that all required fields in the consent screen are filled correctly.
-
401 Unauthorized Errors
- This can happen if the Client Secret is incorrect or expired. Regenerate the secret if necessary.
-
Token Validation Issues
- Verify that the token endpoint and discovery document are reachable and correctly configured.
Conclusion
By following this guide, you will successfully configure SSO with Google Identity Platform. With the integration complete, your users can log in to InfoSum securely using their Google accounts.
If you encounter any issues during setup, please contact our support team at support@infosum.com