Skip to content
Last update: September 4, 2024

Add Google as SSO Provider

To integrate Google as a new SSO provider, install the Google SSO module. After that:

  1. Create Google OAuth 2.0 Client.
  2. Set the appsettings.json file.
  3. Manage Platform settings.

Create Google OAuth 2.0 Client

To integrate Google APIs with your application using OAuth 2.0, you need to create authorization credentials. These credentials will allow your app to access the enabled APIs for your project:

  1. Go to the Google API & Services Console.
  2. Create a new project if you don't have one, then open the project dashboard.
  3. Configure OAuth consent screen. In the OAuth consent screen tab:
    1. Select User TypeExternal and click Create.
    2. Fill in the App Information (name, user support email, and developer contact information).
    3. Skip the Scopes and Test users sections for now.
    4. Review your settings and return to the dashboard.
  4. Navigate to the Credentials tab, select Create credentialsOAuth client ID.
  5. Choose Web application as the Application type and name your credentials.

  6. In the Authorized redirect URIs section, click ADD URI to specify the redirect URI. Ensure your platform uses HTTPS; otherwise, SSO will not function correctly.

    Note

    If your platform runs on a local machine, put https://localhost:10645/signin-google.

  7. Click Create.

  8. Save Client ID and Client Secret to use them in the module.

Set appsettings.json file

Store Google Client ID, secret values and other sensitive settings in KeyVault Storage. In our example, we use the appsettings.json configuration file. Add the following section to the configuration:

appsettings.json
"Google": {
    "Enabled": true,
    "AuthenticationType": "Google",
    "AuthenticationCaption": "Google",
    "ClientId": "<your Client ID>",
    "ClientSecret": "<your Client Secret>",
    "DefaultUserType": "Manager"
},

Manage Platform settings

Configure store settings:

  1. Click Stores in the main menu.
  2. In the next blade, select the desired store.
  3. In the next blade, click on the Authentication widget.

  4. In the next blade, enable/disable Google sign-in for the selected store.

    Configure authentication types

    Note

    By default, all registered authentication types are enabled.

  5. Click Save to save the changes.

The GraphQL query confirms that authentication via Google AD is enabled:

Query

The Google authentication button appears on the login page of the Frontend Application:

Google button