Skip to main content

Google

In this document, we'll show you how to use Google as an Identity provider for Paralus. This will allow your users to login via Google and access Paralus. Below is the list of items that we will cover in this document:

Creating a Google SSO Application

Create a new Project if you haven't already. From the top search bar, search for OAuth. You first need to create an OAuth application and provide details for the OAuth consent screen.

  1. Configure the OAuth consent screen by choosting the type of user who would use your application - Internal or External. Internal users are users from your organization, external are users with a valid Google account. We choose Internal in this case.

    Choosing the User Type - Google OAuth
  2. Provide a name for the application, a user admin email id along with authorized domains. Make sure the authorized domain is SSL enabled. If you don't proivde an SSL enaled domain name, Google won't allow you to use certain fields.

    Configuring Google OAuth Consent Screen
  3. Choose a scope. Scopes are the fields that you want to access from your application. In this case we need access to the user profile with email address and name and oidc.

    Choosing the scope.

Creating OAuth App

After you've configured the consent UI, navigate to Credentials and create a new OAuth 2.0 Client Id

  1. Click on Create Credentials button from the top navigation bar and choose OAuth Client ID from the list.

  2. In Application Type, select Web Application

  3. Provide a Name

  4. Add an Authorized redirect URI. This will be the one provided by Paralus OIDC setup page.

  5. Click create to create the OAuth app

    Creating OAuth App

Adding an Identity Provider to Paralus

Login to your Paralus dashboard and navigate to System -> Identity Providers and click on New Identity Provider

Provide the name of the identity provider and choose IdP type as Google from the drop down.

For client identifier & secret, provide the client-id & client-secret of the Google OAuth app created earlier.

Under Scope provide openid,email,profile

For Issuer URL, provide this url: https://accounts.google.com

Adding new identity provider in Paralus

Click Save & Continue.

From the next screen copy the Callback URL and paste it in the callback URL for the Google OAuth app created in the earlier step.

On the Mapper Configuration screen, the mapper url will be pre-filled, click Save & Exit.

At this point, you have successfully added Google as an identity provider for Paralus.

Verify Login with Google

To confirm if the setup was correct, logout from Paralus.

On the login screen, you should now see a Sign In With Google button. Click on it to begin the login process using Google.

Login Using Google

Enter your Google credentials and login to Google.

Authenticate on Google

Once authenticated, you'll be redirected to Paralus dashboard.

Congratulations! You've successfully configured Google as an identity provider for Paralus.

Note: Depending on the permission, the user that logs in using Google might not see any projects on the dashboard. As an admin, you'll have to configure their group and assign them a project.

CNCF

We are a Cloud Native Computing Foundation sandbox project.