OpenID Authentication with Google

In this guide, you will learn how to authenticate yourself with Google.

Prerequisites

Create a Google Cloud project

Generate OAuth 2.0 Client IDs

  1. In your Project head to API & Services > Credentials

  2. Click CREATE CREDENTIALS and select OAuth Client ID

  3. Give it name

  4. At Authorized JavaScript origins, add your URIs. This is your instance’s complete URL. For example, https://my-enviroment.neptune-software.cloud

  5. At Authorized redirect URIs, add the following: https://my-enviroment.neptune-software.cloud/public/oidc_redirect.html

  6. Copy the following:

    1. Client ID

    2. Client secret

    3. Authorized redirect URI

      These will be used in the next step.

Configure your authentication OpenID provider in System Settings

  1. Add a new authentication and choose OpenID

  2. Enable Active and Show on login page to have the authentication active and available in the login options

  3. Add a meaningful Name,Description and Path

    Once the path is added, a folder will be created containing all OpenID information

  4. Paste the Client ID and Client secret

  5. At Discovery URI paste https://accounts.google.com/.well-known/openid-configuration

  6. At Redirect Url paste the previously copied Redirect Url

  7. At After Login Redirect Url paste https://my-enviroment.neptune-software.cloud/cockpit

  8. At Login Scopes add email openid profile. You can always add more or other scopes

  9. At Token Endpoint Authentication Method choose Client Secret Post

  10. Add your Claims Assignments. For example:

    settings open id claims

  11. Enable Only assign on first login to assign the claims, roles and department only on the first login

  12. Assign the default Roles and Departments for the new users

  13. Press OK

  14. Save and Restart the server to apply the changes

Result

You have established an OpenID authentication with Google.