Be sure to use Google securely
If you’re subject to the EU GDPR, you’ll need to evaluate the compliance of Google's OAuth tool separately from your Data Processing Agreement with us. Google's OAuth tool is not an authorized GDPR subprocessor under our agreement with you.
Introduction
ControlShift supports adding a "Sign in with Google" option for users creating or logging into the platform.
Signing in with Google makes the account creation and log in process easier because users are not asked to enter their name, email, or choose a password for their account. Instead, their account will be automatically tied to their Google account information.
Enable Google Sign In
If your organization wants to enable Google sign in, you have a two options.
First, you can email support, and we can add you to our generic ControlShift + Google Sign In (OAuth) application.
If you'd prefer to use a Google Sign In (OAuth) application that's specific to your organization, we also allow you to configure that on your own. If your organization already has an OAuth project in Google Cloud, you can follow those instructions. Otherwise, the following steps will walk you through setting up a new project, configuring OAuth, and generating credentials.
If your organization doesn't yet have an OAuth project in Google Cloud
To get started, you'll need to log into the Google Cloud Platform's Console, click the Select a project link in the header, and click to create a new project. Once created, make sure that your new project name is displayed in the project section of the header.
Then click the menu button () > APIs and Services > OAuth consent screen.
From this page, choose the External option. (Choosing internal will only allow users with your organization's domain name to use Google sign in.)
Once you've clicked the Create button, you'll be brought to the final page of the OAuth app setup process. On this page, set your Application name, Application logo (optional), and choose a sensible support email. You'll then need to add your ControlShift platform's domain(s) to the Authorized domains section. If your organization isusing multiple hostnames, you must include all of them in the list of authorized domains. You'll also need to add links for your homepage, privacy policy, and terms of service (optional). When you're done entering this information, click Save.
Now, click the Credentials link in the left side bar, and click the Create Credentials > OAuth Client ID option.
From here, select the Web Application application type. Give your OAuth 2.0 client a name – it doesn’t matter what you choose, because supporters won’t see it. At the bottom of the form, click the Add URI button under Authorized redirect URIs. The URI should be [the full URL of your ControlShift platform]/users/auth/google/callback. If your organization is using multiple hostnames, you must include a URI for each hostname here as well. (So if we were setting this up for our demo site at https://demo.controlshiftlabs.com, which uses a single hostname, the redirect URI would be https://demo.controlshiftlabs.com/users/auth/google/callback) Now click to Save.
Once completed, open a new tab and go to your ControlShift platform > Settings > Integrations and click to Add under Google Sign-In. On this page, you'll need to copy the Client ID and Client Secret from the OAuth 2.0 client you just created, paste them into the form, and click Save. You should then see a message saying that the integration is now configured with custom credentials.
We'd then recommend attempting to log into the site using the Google sign-in flow to confirm that it's working correctly. If you run into any issues, or have any questions, please let us know.
If your organization already has an OAuth project in Google Cloud
If your organization is already using OAuth on other properties and you want to reuse your existing OAuth credentials, you can do that too. To get started, log into the Google Cloud Platform's Console, click the Select a project link in the header, and choose the appropriate project.
Then click the menu button () > APIs and Services > OAuth consent screen. Before reusing existing credentials, please be sure to confirm the following about your existing app:
- The existing app is tied to an External user type
- Click the Edit App button next to the app name and confirm that the name, support address, authorized domains, and links are appropriate for use with ControlShift.
If any of the above is not correct for use with ControlShift, you may need to create a new project.
If all of the above is correct for use with ControlShift, click the Credentials link in the left side bar, and look for the appropriate option under OAuth 2.0 Client IDs. Next to the Client ID name and creation date, a Type will be listed. Please confirm that the type is Web Application. If the type is anything other than Web Application, you cannot use the existing credentials. Instead, please create new credentials.
If the existing credentials are tied to the Web Application type, click the Client ID name. From here, click the Add URI button under Authorized redirect URIs. The URI should be [the full URL of your ControlShift platform]/users/auth/google/callback. If your organization isusing multiple hostnames, you must include all of them in the list of authorized domains. (So if we were setting this up for our demo site at https://demo.controlshiftlabs.com, which uses a single hostname, the redirect URI would be https://demo.controlshiftlabs.com/users/auth/google/callback.) Now click to Save.
Once completed, open a new tab and go to your ControlShift platform > Settings > Integrations and click to Add under Google Sign-In. On this page, you'll need to copy the Client ID and Client Secret from the OAuth 2.0 client you just updated, paste them into the form, and click Save. You should then see a message saying that the integration is now configured with custom credentials.
We'd then recommend attempting to log into the site using the Google sign-in flow to confirm that it's working correctly. If you run into any issues, or have any questions, please let us know.
Comments
0 comments
Please sign in to leave a comment.