Google Apps SSO

Zaius Product Enablement
  • Updated

Open in new tab share.png

Overview

Allow or enforce logging into your Zaius account with Google single sign-on (SSO).

Requirements:

  • When Google SSO is enforced, all users must log in with Google.
  • The user's email in Zaius must be the primary email within Google, not an email alias.
  • All users must have a domain that matches the domain configured or one of the domain aliases of the primary domain. For example, if your domain is configured as mydomain.com, all users must log in with a mydomain.com email.
Note: If SSO is set up but not enforced, users can log in with either SSO or Zaius credentials. If users were added during the enforcement period, they would have to request a password reset email on the login page.

Configuration

After enabling the Google Admin SDK Service, you can connect your Zaius account to Google Apps by providing the Google Client ID and Client Secret to Zaius. 

Enable the Admin SDK Service

  • Navigate to the Library page of the API Manager.
  • Select Admin SDK from the list of APIs. 
  • At the top of the Admin SDK page, click Enable.

api-manager-library_2.png

Generate the Client ID and Client Secret

  • While logged in to your Google account, go to the API Manager.
  • Create your new app by navigating to Credentials using the left-hand menu.
  • While you are on the Credentials page, click on Create a project.
  • In the dialog box that appears, provide a project name, answers to Google's email/privacy-related questions, and click Create. Google will take a moment to create your project. When the process completes, Google will prompt you to create the credentials you need. 

Create_new_project.png

  • Click on Create credentials to display a pop-up menu listing the types of credentials you can create. Select the OAuth client ID option. 

OAuth_credentials.png

  • Google will display a warning that says, "To create an OAuth client ID, you must first set a product name on the consent screen." Click Configure consent screen to begin this process.

Configure_consent_screen.png

  • Provide a product name that will be shown to users when they log in through Google.
  • Click Save. Google may show an "unverified app" screen before displaying the consent screen for your app. To remove the unverified app screen, complete the OAuth Developer Verification process.

At this point, you will be prompted to provide additional information about your newly-created app.

create-client-id-config.png

  • Select Web application, and provide a name for your app.
  • Under Restrictions, enter the following information:
  • Click Create. Your Client Id and Client Secret will be displayed:

oauth-client-info.png

Input Client ID and Client Secret

Now that your Client ID and Client Secret have been generated, you will need to provide it along with your domain and any domain aliases to Zaius. 

  • In your Zaius account, click the Account Settings Account_Settings.png icon in the main navigation bar.
  • In the sidebar, select Authentication under the General section. 
  • Provide the required information and choose whether or not you would like to enforce SSO. If SSO is set up but not enforced, users will be able to log in with either SSO or their Zaius credentials. 
  • Click Save

Log in with SSO

While on the login page, click the Sign in with SSO button to log in.

Login_with_SSO_option.png

Was this article helpful?
0 out of 0 found this helpful

Related articles