Configuring SGNL for SSO with Google Workspace

Prerequisites

• A SGNL user with an Admin role
• User accounts created in SGNL for any user wanting to perform SSO
• An understanding of the ‘Authentication’ steps detailed for Google Workspace
• A user with permissions in Google Workspace to configure OAuth Consent and an OAuth Client, as detailed in the above guide

Configuring Google Workspace

Google Workspace details the steps necessary to get going with Authentication for users in your Workspace domain, however we’ll cover them briefly in this guide for completeness

1. As a first step, you’ll need to create a Google Cloud Project
2. You’ll then need to configure the OAuth Consent Screen for your project
   • The Consent Screen should feel trusted by your users when they sign-in to SGNl the first time, so some suggested values for the details on this page include:
     • App Name: SGNL
     • User Support Email: The email for your helpdesk, or the team supporting SGNL
     • App Logo: If you’d like to use a SGNL Logo, it’s available from https://sgnl.ai/media/SGNL-Media-Kit.zip
     • App Home Page: This will vary depending on your deployment topology, but for SGNL SaaS, this will be https://console.sgnl.cloud
     • Application privacy policy link: https://sgnl.ai/privacy/
     • Application terms of service link: https://sgnl.ai/terms-of-use/
     • Authorized Domains: https://console.sgnl.cloud and https://sgnl.ai
     • Developer Contact Info: The email for your helpdesk, or the team supporting SGNL
3. Continue to configure your OAuth Scopes
4. You need only two, non-sensitive scopes to integrate with SGNL, these are the /auth/userinfo.profile and openid scopes
5. Verify your configuration and go back to the Dashboard
6. Next, you should configure your OAuth Client, this will involve creating a new OAuth Client with the below suggested details:
   • Name: SGNL
   • Authorized redirect URIs: You can find this in the SGNL Console, within Admin → Security and should look something like: https://console.sgnl.cloud/{yourClientName}/auth/oidcCallback, e.g. https://console.sgnl.cloud/wholesalechips/auth/oidcCallback
7. Save the configuration and download or save your Client Id and Client Secret, you’ll need these in a moment

Configuring SGNL

1. In SGNL, using the navigation pane, browse to Admin → Security

   • Issuer: https://accounts.google.com
   • OIDC Client ID: The Client ID from Google
   • Client Secret The Client Secret from Google

2. Test the connection to verify your configuration was successful

   

3. Save your settings

Testing

1. Once SSO is configured, that will be the only way to sign-in, so if you want to do additional testing beyond the Test Sign-In button, you can do so with a new browser window
2. Browse to your SGNL Sign-On Page, e.g. https://console.sgnl.cloud/WholesaleChips
3. Click to ‘Sign-in with your Identity Provider’, you will be redirected to your Identity Provider to authenticate
4. After authentication, you should be redirected to SGNL and be signed-in, by default onto the dashboard