SafeTitan supports the OIDC federation protocol for SSO integration with Google. The configuration steps for setting up this integration are listed below.
Configure Google
- Go to the Google API Console
- Create a Project for SafeTitan
Create Authorization credentials
Any application that uses OAuth 2.0 to access Google APIs must have authorization credentials that identify the application to Google's OAuth 2.0 server. The following steps explain how to create credentials for your project. Your applications can then use the credentials to access APIs that you have enabled for that project.
- Go to the Credentials Page
- Click Create credentials > OAuth client ID
- For Application type, select Web application
- Add a name, e.g., safetitan-OIDC
- Specify Authorized JavaScript origins
- They will be https://{your Subdomain}.safetitan.com
- Specify Authorized redirect URIs. The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses.
- They will be https://{your Subdomain}.safetitan.com/auth/osignedin
After creating your credentials, you can download the client_secret.json file from the API Console.
Configure Consent Screen
User Type: Internal
App Information:
- Name: Create any name, e.g., SafeTitan Training
- Authorized Domain: safetitan.com
Configure Scopes
Ensure that the Scopes for Google APIs list contains the email and openid scopes.
Configure SafeTitan
For each of the fields, provide the following values:
- Authentication Type: OpenIdConnect
- Post Logout Redirect URI: https://{your Subdomain}.safetitan.com/auth/osignedin
- Redirect URI: https://{your Subdomain}.safetitan.com/auth/osignedin
- Authority: https://accounts.google.com
- Client Id: This should be the ClientID value provided with the Google credential.
- Client Secret: This should be the Client Secret value provided with the Google credential.
- Domain Hint: Blank
- Username Claim: This will default to email but can be updated to a claim of your choosing, for example the UPN claim would be: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
- Click Save
Note: It may take 24 hours for the settings to completely update.
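A quick offline check of the downloaded client_secret.json against the JavaScript origin and redirect URI given in the steps above. This is an added example, not SafeTitan or Google code; the function name check_google_client, the subdomain acme and the sample credential values are assumptions constructed for illustration.

```python
import json

# Constructed sample of a downloaded client_secret.json (all values are placeholders).
SAMPLE = json.dumps({"web": {
    "client_id": "000000000000-example.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER-SECRET",
    "redirect_uris": ["https://acme.safetitan.com/auth/osignedin"],
    "javascript_origins": ["https://acme.safetitan.com"],
}})


def check_google_client(raw_json, subdomain):
    """Return a list of problems; an empty list means the credential matches."""
    origin = f"https://{subdomain}.safetitan.com"
    redirect = f"{origin}/auth/osignedin"
    web = json.loads(raw_json).get("web")
    if web is None:
        # Non-web client types are stored under "installed", not "web".
        return ["application type is not 'Web application'"]
    problems = []
    for key in ("client_id", "client_secret"):
        if not web.get(key):
            problems.append(f"missing {key}")
    # Google compares redirect URIs exactly, so a trailing slash or
    # an http:// scheme counts as a different URI.
    uris = web.get("redirect_uris", [])
    if redirect not in uris:
        problems.append(f"redirect URI {redirect} is not registered")
    # Every extra redirect URI is another place an authorization code can be sent.
    problems += [f"unexpected redirect URI {u}" for u in uris if u != redirect]
    origins = web.get("javascript_origins", [])
    if origin not in origins:
        problems.append(f"JavaScript origin {origin} is not registered")
    problems += [f"unexpected JavaScript origin {o}" for o in origins if o != origin]
    return problems


if __name__ == "__main__":
    for line in check_google_client(SAMPLE, "acme") or ["OK"]:
        print(line)
```

Treat client_secret.json like a password: keep it out of source control and delete the local copy once the Client Id and Client Secret are entered in SafeTitan.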