OpenID authentication with Google

In this guide, you will learn how to authenticate yourself with Google.

Prerequisites

Create a Google Cloud project

Generate OAuth 2.0 client IDs

  1. In your Project head to API & Services > Credentials

  2. Click CREATE CREDENTIALS and select OAuth Client ID

  3. Give it name

  4. At Authorized JavaScript origins, add your URIs. This is your instance’s complete URL. For example, https://my-enviroment.neptune-software.cloud

  5. At Authorized redirect URIs, add the following: https://my-enviroment.neptune-software.cloud/public/oidc_redirect.html

  6. Copy the following:

    1. Client ID

    2. Client secret

    3. Authorized redirect URI

      These will be used in the next step.

Configure your authentication OpenID provider in System Settings

  1. Add a new authentication and choose OpenID

    1. Enable Active and Show on login page to have the authentication active and available in the login options.

    2. Add a meaningful Name,Description and Path.

      Once the path is added, a folder will be created containing all OpenID information.

    3. Paste the Client ID and Client secret.

    4. At Discovery URI paste https://accounts.google.com/.well-known/openid-configuration.

      1. At Redirect Url paste the previously copied Redirect Url.

    5. At After Login Redirect Url paste https://my-enviroment.neptune-software.cloud/cockpit.

    6. At Login Scopes add email openid profile. You can always add more or other scopes.

    7. At Token Endpoint Authentication Method choose Client Secret Post

  2. Add your Claims Assignments. For example:

    settings open id claims

  3. If required, in Auto Assignment, assign roles and groups that you have defined in the Role and Security Group tools in the Cockpit. ..Enable Only assign on first login to assign the claims, roles and department only on the first login.

  4. Press OK

  5. Save and Restart the server to apply the changes.

Result

You have established an OpenID authentication with Google.