Skip to main content

Google integrations

Google OAuth SSO

Google OAuth SSO

Introduction

You can activate an OAuth2.0 based Google Single Sign On at Flexopus. With this single sign on configuration, you basically allow login for all users in the world who have a Google account, and you can restrict based on their domain settings which emails can or can not log in.

💡
IMPORTANT! Please check in advance whether you want to use this simple SSO configuration variant. We generally recommend connection to a Google Workspace via SAML2. With a direct SAML2 SSO configuration, you can restrict the access of possible users only to the once that exists in your Identity Provider.
Read the article here.

During the setup process, we activate the interface for Google users for your cloud tenant and restrict the login option to email addresses with the domain @company.com. Afterward, your employees should be able to authenticate themselves directly with their Google credentials.

When they log in for the first time, Flexopus automatically creates a new user with name and email address in the backend. You can then subsequently assign special rights (e.g., Location Manager, Admin) or assign user groups to the user. An authentication check is carried out for each subsequent login.

Configuration Manual

STEP 1 - Activate Google SSO

Navigate in Flexopus to Dashboard > Settings > Authentication and create a new provider. In the pop-up select the option Google SSO.

Create a Google SSO provider

Enable the integration and set at the List of allowed domains for SSO setting which domains are able to log in: my-company.com, my-subcomany.de.

💡
Note: If you want to enable everybody set a * however, this configuration is really not recommended. Try to specify who can or can not log in.
Configure whitelist domain

Optionally, you can use also the option Require existing user profile to log in through SSO, you can specify that users can only log in with an already existing account. After activation, application access is restricted to existing user accounts. New users must be added manually.

You can also decide with the Use UPN as email setting which Google attribute you want to use for the UPN synchronization. This is an advances settings. You can leave it on the default setting.

UPN configuration

SAVE your changes.

STEP 2 - Test the configuration

Open Flexopus in a new incognito window and test the login:
https://{your-company}.flexopus.com/ or in case you have a custom domain, then go to the custom domain.

You should be able to log in with an existing or a new user, depending on how you configured the access rights in your Azure Active Directory and Flexopus.

💡
Note: The Two-Factor Authentication (2FA) will be applied based on the user's Google 2FA settings. In case you set the 2FA required in your Google Workspace account, then users will be asked in the Google authentication process to proceed with 2FA.

Once the Google SSO configured successfully, you can optionally disable the E-Mail and Password login and enforce all users to user Single Sign On. Navigate to Dashboard > Settings > Authentication. You can find two options here:

  • Disable password login
    You can disable all email and password login forms.
  • Hide login form
    You can hide the login form on the main login page with it, but there is a secondary login form ../dashboard/auth/login which you can leave open to use it for a backup admin user.
Disable emails and password login