How to configure Google Workspace provider authentication

Provider authentication allows Square 9 products to leverage 3rd party providers to handle user authentication. To give your Google Workspace users the ability to leverage their Google login for accessing GlobalSearch, administrators can follow this guide.

Customers looking to leverage this feature must be on GlobalSearch v6.3.101 or greater.

Instructions

The steps described here are performed by your Google Workspace administrator. Square 9 leverages Google’s Cloud Identity Platform to enable the oAuth flow for users. Note, this provisioning IS NOT performed from Workspace Admin dashboard. It is managed through the Cloud Console.

  1. Navigate to https://console.cloud.google.com/ and authenticate.

  2. Create a new project for GlobalSearch authentication. Its name is not important to the authentication process.

     

  3. Ensure the new project is selected in the console.

     

  4. Navigate to APIs & Services, then choose oAuth consent screen.

     

  5. Select your consent screen options. Note, you can only have a single consent screen per application, and once you create a consent screen, you can not delete it. The only way to get rid of it completely is to delete the project.

    Choose the user type for your desired authentication, the click Create:

     

  6. Provide the basic App information that will display in the oAuth login prompt. App Name should represent what the user is providing credentials for. We recommend Square 9 Softworks, but the name is not relevant to the Auth process itself. Support Email is an internal email address, NOT a Square 9 address. App Logo can be the logo of your choosing.

     

  7. Provide an email for Developer Contact. Again, this is an internal Email Address and has nothing to do with Square 9. Generally this would be the address of your Google Cloud admin.

     

  8. One the Scopes page, click Add or Remove Scopes and choose email, profile, and openid.

     

  9. Click Save and Continue.

  10. On the Credentials tab, click Create Credentials, then select oAuth Client ID.

     

  11. In the Application Type drop down, select Web application. Provide a name (Square 9 Softworks). Add an authorized redirect URI. Note the redirect URI must adhere to the following format:

    https://YourGlobalSearchServerAddress/square9web/lib/oidc/oidc-callback.html

     

  12. Click Create, and you should see an oAuth Client created screen that includes a Client ID. The Client ID provided is required by the GlobalSearch Administrator to finish the configuration steps.

    This completes the steps required by the Google Cloud Admin.

  13. On the GlobalSearch Server, navigate to c:\inetpub\wwwroot\square9web and open Config.json.

  14. The following section will need to be added to the file. Be sure to add the Client ID received in Step 12 above.

    "authProviders": ["google"], "google": { "orgUrl": "https://accounts.google.com", "clientId": "Your Client ID here" }

     

  15. Save the changes and your environment is not properly configured for authentication through Google Workspace. Users logging in will now have a Sign in with Google option.

    Â