Authentication: SSO with Google
Linkurious Enterprise supports Google as an external authentication provider with Single Sign-On.
Since Google implements the OpenID Connect standard, it can be configured as an OpenID Connect provider in Linkurious Enterprise.
Configuration
To set up Linkurious Enterprise authentication with Google, follow these steps:
- Create the credentials on your Google Developers console. You may have to fill in the OAuth consent screen.
- From the portal, obtain the following parameters:
authorizationURL
, e.g.https://accounts.google.com/o/oauth2/v2/auth
tokenURL
, e.g.https://www.googleapis.com/oauth2/v4/token
clientID
, e.g.1718xxxxxx-xxxxxxxxxxxxxxxx.apps.googleusercontent.com
clientSecret
, e.g.E09dQxxxxxxxxxxxxxxxxSN
- Add or edit the existing
oauth2
section inside theaccess
section inlinkurious/data/config/production.json
To limit the access to the Google accounts from your domain, use
the hd
query parameter in the authorizationURL
with your domain as value.
Example access.oauth2
configuration with Google:
"access": {
// [...]
"oauth2": {
"enabled": true,
"provider": "openidconnect",
"authorizationURL": "https://accounts.google.com/o/oauth2/v2/auth?hd=YOUR_DOMAIN",
"tokenURL": "https://www.googleapis.com/oauth2/v4/token",
"clientID": "XXXXXXXXXX-XXXXXXXXXXXXXXXX.apps.googleusercontent.com",
"clientSecret": "XXXXXXXXXXXXXXXXXXXXXXX"
}
}
OAuth2 redirect URL
The OAuth2 redirect URL of Linkurious Enterprise is the following:
http(s)://HOST:PORT/api/auth/sso/return
.
This redirect url will need to be added in the Authorized redirect URls
section of the credentials section on your Google Developers console