Overview
Allow or enforce logging into your Zaius account with Google single sign-on (SSO).
Requirements:
- When Google SSO is enforced, all users must log in with Google.
- The user's email in Zaius must be the primary email within Google, not an email alias.
- All users must have a domain that matches the domain configured or one of the domain aliases of the primary domain. For example, if your domain is configured as mydomain.com, all users must log in with a mydomain.com email.
Note: If SSO is set up but not enforced, users can log in with either SSO or Zaius credentials. If users were added during the enforcement period, they would have to request a password reset email on the login page.
Configuration
After enabling the Google Admin SDK Service, you can connect your Zaius account to Google Apps by providing the Google Client ID and Client Secret to Zaius.
Enable the Admin SDK Service
- Navigate to the Library page of the API Manager.
- Select Admin SDK from the list of APIs.
- At the top of the Admin SDK page, click Enable.
Generate the Client ID and Client Secret
- While logged in to your Google account, go to the API Manager.
- Create your new app by navigating to Credentials using the left-hand menu.
- While you are on the Credentials page, click on Create a project.
- In the dialog box that appears, provide a project name, answers to Google's email/privacy-related questions, and click Create. Google will take a moment to create your project. When the process completes, Google will prompt you to create the credentials you need.
- Click on Create credentials to display a pop-up menu listing the types of credentials you can create. Select the OAuth client ID option.
- Google will display a warning that says, "To create an OAuth client ID, you must first set a product name on the consent screen." Click Configure consent screen to begin this process.
- Provide a product name that will be shown to users when they log in through Google.
- Click Save. Google may show an "unverified app" screen before displaying the consent screen for your app. To remove the unverified app screen, complete the OAuth Developer Verification process.
At this point, you will be prompted to provide additional information about your newly-created app.
- Select Web application, and provide a name for your app.
- Under Restrictions, enter the following information:
- Authorized JavaScript origins: https://sso.zaius.com
- Authorized redirect URI: https://sso.zaius.com/login/callback
- Click Create. Your Client Id and Client Secret will be displayed:
Input Client ID and Client Secret
Now that your Client ID and Client Secret have been generated, you will need to provide it along with your domain and any domain aliases to Zaius.
- In your Zaius account, click the Account Settings
icon in the main navigation bar.
- In the sidebar, select Authentication under the General section.
- Provide the required information and choose whether or not you would like to enforce SSO. If SSO is set up but not enforced, users will be able to log in with either SSO or their Zaius credentials.
- Click Save.
Log in with SSO
While on the login page, click the Sign in with SSO button to log in.