GSuite

Configuring a connection with GSuite

There are three steps to configure a connection with GSuite:

It is not possible to generate Client Credentials using federated logins.

When deleting a federated login provider, all users linked to it will be permanently deleted automatically and without prior notice.
It is not possible to recover this data after deletion.

To configure a connection with GSuite, follow the steps below:

Create a federated login in Access Control

  1. Access the Federated Login screen via the left menu.

  2. Select the GSuite federated login type and click CONFIGURE FEDERATED LOGIN.

  3. Copy the URL from the Callback URL field.

    gsuite federated login

    This is the URL to which the user must be returned after authentication and will be used later in the Google Cloud Console configuration.

Create a client app in the Google Cloud Console

  1. In a new tab, access the Google Cloud Console.

  2. Create a new project by clicking + CREATE PROJECT in the upper left corner of the screen:

    gsuite create project

  3. Enter the project name and location. Then, click CREATE.

    gsuite create project form

  4. Wait for your project to be created. A message will be displayed on the notification icon bell icon.

  5. Click the notification icon and select the newly created project. You can also use the search bar to locate and select it.

    gsuite project search bar notification

  6. After selecting the project, in the left side menu of the screen, select APIs & Services  Credentials.

    gsuite api services credentials

  7. On the Credentials screen, click Configure consent screen.

    gsuite consent screen

  8. On the OAuth Overview screen, click Get started.

    gsuite oauth overview

    1. Fill in the fields in the App information section and click Next.

      • App name and

      • User support email.

        gsuite app info

    2. In the Audience section, select the External option and click Next.

      The External option enables the creation of the application in the Google Cloud Console.

      However, it is important to know that when using this option, any user with a Google Account can attempt to access the environment, which may increase exposure.

      To reduce this risk, make sure to correctly configure test users and other restrictions during the process.

      If your organization requires stricter access control, evaluate the possibility of using the Internal option, which limits use only to users of the configured domain.

      gsuite consent screen create

    3. In the Contact Information section, enter one or more email addresses and click Next. The provided emails will be used by Google for notifications regarding changes made to the project.

      gsuite developer info

    4. Review Google’s data use policy and, if you agree, check the checkbox and click Continue and then Create.

  9. On the OAuth Overview screen, click the Create OAuth client button.

    gsuite create oauth client button

  10. In Create OAuth client ID:

    • in Application type, select Web application and

    • in Name, enter the name of the OAuth client.

      gsuite create oauth client name

  11. In the Authorized redirect URIs section, click ADD URI and enter the address (callback URL) that you copied in step 3 during the integration creation stage in Access Control.

    gsuite oauth redirect uri

  12. Click CREATE.

  13. Your OAuth client will be created and the Client ID and Client secret will be displayed. Click OK.

    Save this data, as it will be used in the Access Control configuration.

    gsuite oauth client id secret

  14. In the left side menu, access Audience and, in the Test users section, click + ADD USERS.

    gsuite test users

  15. Enter a valid email managed by Google and click Save.

    This user will be used to access Access Control.

    gsuite test users add


Configure the federated login in Access Control

  1. After creating the app in the Google Cloud Console, return to Access Control and fill in the fields below with the obtained data:

    • Client ID: information obtained in step 15 during the client app creation stage in the Google Cloud Console.

    • Client secret: like the Client ID, enter the Client secret obtained in step 15 during the client app creation stage in the Google Cloud Console.

    • Role: select the role to be applied with this access.

If there are roles configured on your identity provider’s side, they will prevail over this one.

Disabling or editing a connection with GSuite

Once active, the connection with GSuite can be updated at any time. To do this, click on any field you wish to edit, make the necessary modifications, and click UPDATE to confirm and update or CANCEL to cancel.

To disable a connection, click the DISCONNECT button.

When clicking the DISCONNECT button, all users of that federated login will have their access disabled. To re-establish the connection, follow the steps above again (Configuring a connection with GSuite).

Clicking DISCONNECT does not change your settings with your identity provider.

Login and user control

Contrary to what happened with login via the Sensedia Platform, logging in with a username and password remains possible even after configuring GSuite.

A user will be able to log into Sensedia products both through GSuite and separately.

Thanks for your feedback!
EDIT

Share your suggestions with us!
Click here and then [+ Submit idea]