To access PureDome applications, users have the option to verify their identity using Google Workspace Single Sign-On (SSO).
Below are the steps to configure Google Workspace SSO integration:
Step 1 - Setting up SSO Application on Google Workspace
- Log in to the Google Admin console, and go to IAM and admin > Create a project.
- Enter Project name, assign this project to an organisation and click CREATE.
- After that, you will be directed to the main dashboard of your project.
- From the main dashboard of your project, go to APIs and services > Credentials.
- Click CONFIGURE CONSENT SCREEN.
- From OAuth consent screen > User Type, select Internal and click CREATE.
- Enter App name, and User support email.
Note:
The User Support Email field requires you to specify an email address that will be displayed to users on the consent screen. This should be an email address that you regularly monitor so that you can answer questions they have about sign-in, authorization, or the app integration in general. The drop-down selection box will show you the available options for the User Support Email.
- Scroll down, enter Developer contact information, and click SAVE AND CONTINUE.
- Define scopes (scopes express the permissions you request users to authorize for your app, enabling your project to access specific categories of private user data from their Google Account). Click ADD OR REMOVE SCOPES.
- Select the highlighted API and Scope, scroll down and click UPDATE.
- From the app registration page, scroll down and click SAVE AND CONTINUE.
- Review the summarised version of the app registration recently created. After completing the review, scroll down and click BACK TO DASHBOARD.
Step 2 - Configuring the Client ID and Client Secret
- From the main dashboard of your project, go to APIs and services > Credentials > CREATE CREDENTIALS > OAuth client ID.
- From Application type, select Web application and enter a Name for your client ID.
- Scroll down to the Authorised redirect URIs, click + ADD URI, enter the following URL and click CREATE.
https://login.puredome.com/oauth2/callback
- Copy the Client ID and Client secret values for later use.
Step 3 - Configuring the Issuer URL
- Copy the following URL (to be used as issuer URL for later use):
https://accounts.google.com
Step 4 - Managing user access
- From Google Admin console, go to Directory > Organizational units.
- Click Create organizational unit.
- Enter a Name of organizational unit and click CREATE.
- The organization name just created will be visible under all Organizational units under your Google Admin workspace. Now, we need to assign internal users to this organizational unit.
- Go to Directory > Users, and search for the name of the user you intend to assign to your organizational unit.
- On the user's interface, click CHANGE ORGANIZATIONAL UNIT.
- Select the organizational unit we created in previous steps, and click CONTINUE.
Step 5 - Configure an OAuth app
- From Google Admin console, go to Security > API Controls > App Access Control > Add app > OAuth App Name Or Client ID.
- Enter the client ID previously copied, and click SEARCH.
- The OAuth app associated with the entered client ID, which we generated earlier, should be visible.
- Select the application, check the boxes for the client IDs you want to configure, then click SELECT.
- Assign the OAuth application to the organizational unit of your choice. Click Include organizations.
- Search for the organizational unit to which we earlier assigned the team members and click SELECT.
- After selecting the organizational unit, click CONTINUE.
- Select what type of access this app should have to Google data for users in the selected organizational unit, and click CONTINUE.
- Review the information and make any necessary adjustments if needed. Then click FINISH.
- The integration of the app is now completed and ready for use with PureDome.
Step 6 - Adding a new identity provider
- Head over to the PureDome console in your browser, and navigate to Preferences and Single Sign-On. After you choose Google, you will be asked to enter four values as follows:
IDP Name: Any name you want
Client ID: Value copied from Google Admin dashboard
IDP Client Secret: Value copied from Google Admin dashboard
Issuer URL: The URL copied in Step 3.
- After completing all the steps above, you have successfully set up an OIDC application on your Google Admin workspace with SSO enabled for PureDome.
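Before pasting the values into PureDome, it can help to check them for the copy-and-paste slips that most often break OIDC sign-in. The script below is an added example, not PureDome or Google code; the dictionary layout, the sample values and the client ID suffix check are assumptions made for illustration.

```python
# Values this page tells you to use (Step 2 redirect URL, Step 3 issuer URL).
EXPECTED_ISSUER = "https://accounts.google.com"
EXPECTED_REDIRECT = "https://login.puredome.com/oauth2/callback"


def check_sso_settings(settings, discovery_doc):
    """Return a list of problems; an empty list means the values are consistent.
    Both dict layouts are hypothetical and exist only for this example."""
    problems = []
    issuer = settings.get("issuer_url", "")
    # Issuer comparison in OIDC is an exact string match, so a trailing
    # slash or an http:// scheme yields a different issuer.
    if issuer != EXPECTED_ISSUER:
        problems.append(f"issuer_url is {issuer!r}, expected {EXPECTED_ISSUER!r}")
    if discovery_doc.get("issuer") != issuer:
        problems.append("issuer in discovery document differs from issuer_url")
    redirects = settings.get("redirect_uris", [])
    if EXPECTED_REDIRECT not in redirects:
        problems.append("PureDome callback is not a registered redirect URI")
    # Every extra redirect URI is another place an authorization code can be
    # delivered, so anything besides the PureDome callback is reported.
    for uri in redirects:
        if uri != EXPECTED_REDIRECT:
            problems.append(f"unexpected redirect URI registered: {uri!r}")
    # Assumption: Google OAuth client IDs end with this suffix.
    if not settings.get("client_id", "").endswith(".apps.googleusercontent.com"):
        problems.append("client_id does not look like a Google OAuth client ID")
    secret = settings.get("client_secret", "")
    if not secret or secret != secret.strip():
        problems.append("client_secret is empty or has stray whitespace")
    return problems


# Constructed sample data (not real credentials). DISCOVERY stands in for the
# "issuer" field of the provider's /.well-known/openid-configuration document.
DISCOVERY = {"issuer": "https://accounts.google.com"}
GOOD = {
    "issuer_url": "https://accounts.google.com",
    "redirect_uris": ["https://login.puredome.com/oauth2/callback"],
    "client_id": "000000000000-constructed.apps.googleusercontent.com",
    "client_secret": "constructed-secret",
}
BAD = dict(GOOD, issuer_url="https://accounts.google.com/",
           redirect_uris=["http://login.puredome.com/oauth2/callback"],
           client_secret="constructed-secret\n")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_sso_settings(cfg, DISCOVERY) or "ok")
```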
Note:
- Single-Sign-On (SSO) will be enabled for the PureDome console and apps.
- Only users/groups assigned in your organization to this application will be able to log in, subject to being invited to the PureDome console via their registered email address on their Google Workspace account.
Note:
Supported app versions for SSO:
Windows: v2.1.6.8 and above
macOS: v2.1.3 and above
iOS: v2.1.2 and above
Android: v2.4.34 and above
If you have any questions or are experiencing any issues, please don't hesitate to contact our 24/7 customer support team via live chat or email at support@puredome.com. We're always happy to help!