Google OAuth allows each Google Workspace user to log in and access their ArcTitan archived mail. ArcTitan adds an OpenID Connect type OAuth connection to help enable this.

  1. To finish setting up OAuth Client ID, log in to ArcTitan as an administrator.

  2. Select Advanced Configuration > SSO – OAuth on the left, and then select Create New Connection.

    AT-AT-SSO-OAuth.jpg
  3. From the Provider Type dropdown menu in the Connection Details section, select OpenId Connect:

    AT-OpenId-Connect.jpg
  4. Enter a Connection Name that is meaningful, as it will be used on the login page on a new button with the words Login using <connection name>.

  5. Return to the Google APIs & Services, and select Credentials > +Create Credentials > OAuth Client ID.

    AT-Credentials-CreateCredentials.jpg
  6. On the Create OAuth client ID panel, select Web application in the Application type field:

    AT-cry-web-application.jpg
  7. Enter a name for your OAuth client.

  8. In the Redirect URI field, enter the redirect URIs as displayed by the ArcTitan SSO OAuth panel.

    Note

    For ArcTitan, only use the first Redirect URI; the second URI is not applicable.

    AT-cry-redirect-url.jpg
  9. Select Create. A Client ID and secret value are generated as follows:

    AT-cry-oauth-client-created.jpg
  10. Copy and paste these values to the Client Id and Client secret fields in your ArcTitan UI.

    AT-cry-clientid-secret.jpg
  11. Enter the following details in the remaining fields in your ArcTitan UI:

    • Authorization URL: https://accounts.google.com/o/oauth2/auth

    • Access Token URL: https://oauth2.googleapis.com/token

    • User Detail URL: https://www.googleapis.com/oauth2/v3/userinfo

  12. Next, enter your details in the User Detail Attributes section.

    An example of the completed screen is shown below:

    AT-cry-example.jpg
  13. Go to the ArcTitan Login page where you can see an additional login button with the words Login With <OAuth connection name>. An example of this is shown below, where the connection name is Google:

    AT-Login-With-Google-Example.jpg
  14. Select the new Login link to open the Google Authentication service, which displays the Consent Screen details and logo that you provided earlier.

    AT-cry-consent-screen.jpg

    Note

    Note that when logging in for the first time to ArcTitan in this way, the UI may display a message notifying you that access from host account.google.com is barred. This is because the login process redirects the user’s browser, which results in the user appearing to be connecting via another service.

    AT-cry-error-message.jpg

    To fix this, contact your ArcTitan administrator, who will add the host displayed in the message to ArcTitan as an Allowed Referrer Host. To do this, the ArcTitan administrator accesses Adv. Configuration > Web Security settings to add accounts.google.com, as shown in the example below:

    AT-cry-web-security-settings.jpg
  15. Next, you'll need to link the OAuth Client ID to your Workspace.