Google OAuth SSO
Introduction
You can activate an OAuth 2.0-based Google Single Sign-On in Flexopus. With this single sign-on configuration, you basically allow login for all users in the world who have a Google account, and you can restrict, based on their domain, which email addresses can or cannot log in.
Read the article here.
During the setup process, we activate the interface for Google users for your cloud tenant and restrict the login option to email addresses with the domain @company.com. Afterward, your employees should be able to authenticate themselves directly with their Google credentials.
When they log in for the first time, Flexopus automatically creates a new user with name and email address in the backend. You can then subsequently assign special rights (e.g., Location Manager, Admin) or assign user groups to the user. An authentication check is carried out for each subsequent login.
Configuration Manual
STEP 1 - Activate Google SSO
Navigate in Flexopus to Dashboard > Settings > Authentication and create a new provider. In the pop-up, select the option Google SSO.
Enable the integration and use the List of allowed domains for SSO setting to define which domains are able to log in: my-company.com, my-subcomany.de.
* however, this configuration is really not recommended. Try to specify who can or cannot log in.
Optionally, with the option Require existing user profile to log in through SSO, you can specify that users can only log in with an already existing account. After activation, application access is restricted to existing user accounts. New users must be added manually.
With the Use UPN as email setting, you can also decide which Google attribute you want to use for the UPN synchronization. This is an advanced setting. You can leave it on the default setting.
SAVE your changes.
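As an added illustration (not Flexopus code, and not a description of how Flexopus implements these settings), the sketch below models the two STEP 1 settings as a login decision over the claims of an already validated Google ID token. `SsoPolicy`, `may_log_in` and the sample addresses are hypothetical, and it assumes `*` means any domain; `email` and `email_verified` are standard Google ID-token claims.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class SsoPolicy:                        # hypothetical model of the STEP 1 settings
    allowed_domains: list[str]          # "List of allowed domains for SSO"
    require_existing_profile: bool = False
    existing_users: set[str] = field(default_factory=set)  # stand-in user store

def email_domain(email: str) -> str | None:
    """Lower-cased domain of a simple address, or None if it is malformed."""
    email = email.strip()
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain or "@" in local or " " in email:
        return None
    return domain.lower()

def may_log_in(policy: SsoPolicy, claims: dict) -> tuple[bool, str]:
    """Decide on a login from the claims of an already validated ID token."""
    if claims.get("email_verified") is not True:
        return False, "email not verified"
    email = str(claims.get("email", ""))
    domain = email_domain(email)
    if domain is None:
        return False, "malformed email"
    allowed = {d.strip().lower() for d in policy.allowed_domains}
    # Exact comparison: suffix or substring matching would also accept
    # look-alike domains that merely contain an allowed name.
    if "*" not in allowed and domain not in allowed:  # assumption: "*" = any domain
        return False, "domain not allowed"
    if policy.require_existing_profile and email.strip().lower() not in policy.existing_users:
        return False, "no existing profile"
    return True, "ok"

# Constructed sample data (not real accounts).
STRICT = SsoPolicy(["my-company.com", "my-subcomany.de"])
WILDCARD = SsoPolicy(["*"])
CLOSED = SsoPolicy(["my-company.com"], True, {"alice@my-company.com"})

def claims(email, verified=True):
    return {"email": email, "email_verified": verified}

if __name__ == "__main__":
    for name, pol in [("strict", STRICT), ("wildcard", WILDCARD), ("closed", CLOSED)]:
        for mail in ["alice@my-company.com", "Bob@My-Company.com",
                     "eve@my-company.com.example.net", "carol@gmail.com"]:
            print(f"{name:9} {mail:32} {may_log_in(pol, claims(mail))}")
```

With the wildcard policy, any verified Google account passes the domain check, so access then depends entirely on the existing-profile requirement.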
STEP 2 - Test the configuration
Open Flexopus in a new incognito window and test the login: https://{your-company}.flexopus.com/ or, in case you have a custom domain, go to the custom domain.
You should be able to log in with an existing or a new user, depending on how you configured the access rights in your Azure Active Directory and Flexopus.
Once Google SSO is configured successfully, you can optionally disable the email and password login and force all users to use Single Sign-On. Navigate to Dashboard > Settings > Authentication. You can find two options here:
- Disable password login: You can disable all email and password login forms.
- Hide login form: You can hide the login form on the main login page with it, but there is a secondary login form ../dashboard/auth/login which you can leave open to use it for a backup admin user.