Google Identity Provider Connection
The EmpowerID SSO framework allows you to configure Google as an identity provider (IdP) for EmpowerID. EmpowerID integrates with Google using OAuth 2.0.
Prerequisites:
Before configuring Google as an OAuth Identity Provider in EmpowerID, you need to meet the following conditions:
You must have a Google developer account
Create an application for EmpowerID in Google
Once the IdP connection has been set up for Google, you can create a link similar to the one below to allow users to log in to EmpowerID using Google.
https://FQDN_OF_YOUR_EMPOWERID_SERVER/WebIdPForms/Login/Portal/Google?returnUrl=%2FWebIdPForms%2F
Be sure to replace FQDN_OF_YOUR_EMPOWERID_SERVER with the FQDN of your EmpowerID server.
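The following Python helper is an added example, not part of the EmpowerID documentation. It builds the login link shown above and refuses an unreplaced placeholder or a returnUrl that points off the server. The host-name check and the restriction of returnUrl to server-relative paths are assumptions of this example, and sso.example.com is a constructed host name.

```python
import re
from urllib.parse import quote, urlsplit

# Path and parameter name are taken from the link shown on this page.
LOGIN_PATH = "/WebIdPForms/Login/Portal/Google"
DEFAULT_RETURN = "/WebIdPForms/"

# Plain DNS host name: dot-separated labels, no scheme, port, path or underscore.
_FQDN = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)


def is_local_path(return_url: str) -> bool:
    """True only for a server-relative path such as /WebIdPForms/."""
    if not return_url.startswith("/") or return_url.startswith("//"):
        return False  # relative, absolute or scheme-relative (//host) URL
    if "\\" in return_url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in return_url):
        return False  # backslashes and control characters are parsed inconsistently
    parts = urlsplit(return_url)
    return parts.scheme == "" and parts.netloc == ""


def build_google_login_link(fqdn: str, return_url: str = DEFAULT_RETURN) -> str:
    """Return the Google login link for an EmpowerID server."""
    if not _FQDN.match(fqdn):
        raise ValueError(f"not a fully qualified host name: {fqdn!r}")
    if not is_local_path(return_url):
        raise ValueError(f"returnUrl must be a path on the same server: {return_url!r}")
    # safe="" percent-encodes "/" as %2F, matching the encoding used on this page.
    return f"https://{fqdn}{LOGIN_PATH}?returnUrl={quote(return_url, safe='')}"


if __name__ == "__main__":
    # Constructed host name, for illustration only.
    print(build_google_login_link("sso.example.com"))
```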
Steps
To configure Google as an Identity Provider for EmpowerID, you need to do the following:
Create an application for EmpowerID in Google
Configure the default Google OAuth Provider app
Add a Login button for Google to the EmpowerID Login page
Test the OAuth provider app
Create an application for EmpowerID in Google
To allow users to authenticate to EmpowerID using their Google credentials, you must register EmpowerID as an OAuth application in the Google developer console. See Google’s article at Overview | Authentication | Google for Developers for directions on how to do this. During the app registration process, Google will generate a Client ID and Client secret for the application. You will use these when you create an OAuth Provider App for Google in EmpowerID.
When creating an application for EmpowerID in Google, set the following:
Setting | Value |
---|---|
Display Name | Name of the application you are creating. This can be any value. |
Authorized redirect URIs |
|
Configure the default Google OAuth Provider app
On the navbar, expand Single Sign-On > SSO Connections and select OAuth / OpenID Connect.
Select the External OAuth Services tab and then search for Google.
Click the Provider link for Google.
On the External OAuth Provider Details view, click the Edit button for the default Google OAuth provider app.
Under General Settings, fill in the following information and then click Save.
Field | Description |
---|---|
Consumer Key | Client ID generated by Google |
Consumer Secret | Client Secret generated by Google |
Is Identity Provider | Select this option to flag the OAuth provider as an Identity Provider app. |
Select existing Account Directory | Select Google to place authenticated users in the selected account store. |
Select Existing OAuth Scope | Select Google |
Callback Url | This is the URI to which Google redirects users after they have authenticated with Google. The URL should look like the following: |
Add a Login Button for Google
On the navbar, expand Single Sign-On > SSO Connections and select SSO Components.
On the IdP Domain Details view, select the IdP Domains tab and then click the IdP Domains link for the IdP Domain where you want the Login tile to appear.
Select the External OAuth Providers tab and then select the Google provider.
Click Save.
To give users the ability to log in using their EmpowerID credentials, be sure to select EmpowerID from the SAML Identity Providers tab of the IdP Domain Details page.
Test the OAuth Provider App
Log out of the EmpowerID Web interface and navigate your browser to the domain name you configured for the Google IdP connection.
Click the Login Using Google button.
Enter your Email or phone number in the Sign in with Google page and click Next.
Follow the prompts from Google to complete the login process.
You should be authenticated to EmpowerID.