Google OAuth 2.0 SSO

Use this guide to configure an Agiloft knowledgebase to use Google Single Sign-On (SSO).

Initial Administrator Setup

In order to complete the configuration steps, you need a Google account, typically a Gmail address, to log in to the Google Developer Console. You may use any Google account to set up your Agiloft/OAuth project; it does not have to be associated with an Agiloft user. The address should be the one that you intend to use within Agiloft to sign on and access Google Docs. Google SSO can be configured with an SSO role or an APPS role.

Step 0: Finding the KB Redirect Address

Before you can start setup in the Google Developer Console, you need to find the redirect address for the KB you want to set up. As the admin user, log in to the Agiloft KB where you want to set up OAuth/Google SSO.

  1. Navigate to Setup > Access > Configure OAuth 2.0 Profiles and click New to create a new SSO profile.
  2. Copy the address in the Redirect URI field and paste it into another program for reference later, such as Notepad.
    • For an SSO role, this value should be: https://<server>:443/gui2/oauth20sso
    • For an APPS role, this value should be: https://<server>:443/ui/oauth20callback
  3. In the other program, if the server part of the value includes the specific server hostname, such as, replace it with your domain name, such as
  4. Click Cancel.

Step 1: Configuring the Google Developer Console

The following configuration steps are derived from the steps provided at They are designed to help you integrate Google OAuth 2.0 SSO with Agiloft.

  1. Log in to the Google Developers Console using the Google account which was created for this purpose.
  2. Create a new project
    1. Click the drop-down at the top right and select Create a project. 
    2. In the next dialog box, enter a project name and click Create, then wait for project creation to finish. You will see the Project Dashboard when it is done.
  3. In the Use Google APIs section, click Enable and manage APIs.
    1. In the left pane of the API Manager window, click Credentials.
      If you wish to enable Google Docs integration with Agiloft, you can use the Drive API option in this window. This will be covered in more detail below.

    2. In the Credentials dialog, select the OAuth consent screen tab.
      1. Enter your Google Email address.
      2. Enter the Product name that will appear in the consent screen.
      3. Optionally, enter the URL for the logo of your Agiloft instance, which will appear in the consent screen.
      4. Click Save.
    3. Select the Credentials tab, and select Add credentials > OAuth 2.0 client ID.

    4. Select the Web application radio button.
      1. Optionally, enter a name for the web client.
      2. Leave the Authorized JavaScript origins field blank.
      3. In the Authorized redirect URIs field, enter the URL you copied from the KB.
        • For an SSO role, this value should be: https://<server>:443/gui2/oauth20sso
        • For an APPS role, this value should be: https://<server>:443/ui/oauth20callback
      4. Save this URL, which will be used to create your OAuth profile in Agiloft.
      5. Click Create.
    5. In the OAuth client dialog, save the client ID and client secret values. You will need to input the same values in the OAuth 2.0 Configuration wizard in each Agiloft KB where you will use Google OAuth 2.0 based SSO.
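
The redirect URI has to carry the path for the chosen role and the domain name rather than the server hostname. The check below is an added example, not Agiloft or Google code. It tests a candidate value against the two patterns given on this page. The function name and the hosts `kb.example.com` and `agsrv01` are made up for illustration, and the extra checks (no userinfo, query or fragment; an IP literal treated like a bare hostname) are assumptions beyond the page's pattern.

```python
import ipaddress
from urllib.parse import urlsplit

# Callback paths per OAuth role, as listed on this page.
ROLE_PATHS = {"SSO": "/gui2/oauth20sso", "APPS": "/ui/oauth20callback"}


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_redirect_uri(uri, role):
    """Return the problems found in `uri` for `role`; an empty list means it fits."""
    expected_path = ROLE_PATHS[role]  # unknown role raises KeyError on purpose
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if port != 443:
        problems.append("port must be written as :443")
    host = parts.hostname or ""
    if _is_ip(host) or "." not in host:
        problems.append("host is a bare hostname or IP, not a domain name")
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo is not allowed")  # assumption, not from the page
    if parts.path != expected_path:
        other = [r for r, p in ROLE_PATHS.items() if p == parts.path]
        hint = f" (this is the {other[0]} path)" if other else ""
        problems.append(f"path must be {expected_path}{hint}")
    if parts.query or parts.fragment:
        problems.append("query string or fragment present")  # assumption
    return problems


if __name__ == "__main__":
    # Constructed sample values; kb.example.com and agsrv01 are placeholders.
    for uri, role in [
        ("https://kb.example.com:443/gui2/oauth20sso", "SSO"),
        ("https://kb.example.com:443/gui2/oauth20sso", "APPS"),
        ("http://agsrv01:8080/ui/oauth20callback/", "APPS"),
    ]:
        print(role, uri, check_redirect_uri(uri, role) or "ok")
```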

Step 2: Enabling the Google Apps API

Complete this step if you plan to use Google Drive integration so that you can upload Google Docs to any file fields in Agiloft. The file field must also have Google Docs enabled.

To enable Google Docs for a file field, edit the field in question, and then in the Options tab of the field wizard, select Yes under Allow Google Documents.

  1. Navigate to the Overview window of the API Manager and click Drive API.
  2. Click Enable API.
  3. Optionally, navigate to the Drive UI Integration tab and configure the options for Google Drive integration with Agiloft.
  4. Exit the Google Developers Console.

Step 3: Configuring SSO in the Agiloft KB

As the admin user, log in to the Agiloft KB where you want to set up OAuth/Google SSO.

  1. Navigate to Setup > Access > Configure OAuth 2.0 Profiles and click New to create a new SSO profile.
    Note: Multiple profiles can be set up to manage the Google OAuth roles. This is important when enabling Google Drive integration.

  2. Leave the Use full OAuth account name checkbox selected.
  3. Enter a name for the OAuth 2.0 provider, such as Google.
  4. For The role of the OAuth 2.0 Provider, select OAuth20_SSO.
  5. Enter the following information in the remaining fields:
    1. Redirect URI: Leave the default value here.
    2. Client ID/Consumer Key: The client ID value provided above.
    3. Client/Consumer Secret: The client secret value provided above.
    4. Authentication URI: For Google OAuth 2.0 based SSO, enter
    5. Token URI: For Google OAuth 2.0 based SSO, enter
    6. Click Finish to save the OAuth 2.0 configuration.
  6. To allow users to sign into Agiloft using Google OAuth 2.0 based SSO, ensure that at least one of the following conditions is satisfied:
    1. The Login name of the Agiloft user is the same as the user’s Gmail account.
    2. The Email Address of the Agiloft user is the same as the user’s Gmail account.
  7. To enable OAuth 2.0 for your users when they click a hyperlink sent within an email, change the Hotlink Type global variable value to OAUTH20. You can do this on either the Admin Console or Power User interface.
  8. Log out as the admin user.

Once the above steps are completed, Agiloft users will be able to log in using their Google account.

Configuring Google Drive in the Agiloft KB

The steps to configure Google Drive integration in Agiloft are very similar to the above procedure. The only differences are:

  1. In the OAuth 2.0 Identity Provider Name field, enter GOOGLE APPS.
  2. For The role of this OAuth 2.0 Provider, select Google_APPS.
  3. This will create a Google Apps profile that will enable you to use Google Docs files within the Agiloft KB.

Force SSO Login

To make sure users log in with SSO after the transition, manually set new passwords for the users who should use SSO. To do so:

  1. Go to the People table and select every user who should use SSO from this point on.

    Don't select every single user in your system. It's best to leave at least one administrator unchanged, if not the whole admin team, in case you encounter SSO issues in the future that prevent users from logging in with SSO.

  2. Click Mass Edit, or Edit Fields, in the action bar.
  3. Select the Password field, then click Next to proceed to the Update tab.
  4. Enter "random" in the field without quotes, and select the formula option. This will call the random function to generate a random new password for everyone you selected.

  5. Click Next, then Finish.
  6. Now, go to Setup Employees and go to the Layout tab. If you will use SSO for every user in the system, including external users, go to Setup People instead.
  7. Remove the Password field from the layout. This prevents users from manually setting a new password and potentially using it to log in instead of SSO.

Next, review your settings for hotlink authentication. Go to Setup > Access > Configure Hotlinks and set the authentication to Require Password, or to either of the Require Login and Password options.

Finally, go to Setup > System > Manage Global Variables and check the Customized Variables tab for the Hotlink Type variable. If it has been customized, edit it and reset it to the default value of STANDARD.

You might also notice a setting in the People table called SSO Authentication Method. This field is set automatically by the system when you enable SSO, and should not be modified.
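
Before running the mass password reset, it helps to confirm that every selected user satisfies the Login or Email Address matching rule from Step 3 and that at least one administrator stays outside the selection. The script below is an added example, not Agiloft code. The record fields (`login`, `email`, `admin`), the export format and the sample data are hypothetical, and case-insensitive comparison is an assumption.

```python
from collections import defaultdict


def norm(value):
    # Assumption: logins and addresses are compared case-insensitively.
    return (value or "").strip().lower()


def preflight(people, google_accounts, selected_logins):
    """Check a planned Force SSO selection against the Login/Email matching rule."""
    google = {norm(a) for a in google_accounts}
    selected = {norm(login) for login in selected_logins}
    claims = defaultdict(set)  # Google address -> logins of records that match it
    for person in people:
        for field in ("login", "email"):
            if norm(person[field]) in google:
                claims[norm(person[field])].add(norm(person["login"]))
    matched = set().union(*claims.values())
    return {
        # Selected users who could not sign in with Google after the reset.
        "no_google_match": sorted(selected - matched),
        # One Google address matching several records (Login on one, Email on another).
        "ambiguous": {a: sorted(v) for a, v in sorted(claims.items()) if len(v) > 1},
        # Administrators left out of the selection, who keep a password login.
        "admins_keeping_password": sorted(
            norm(p["login"]) for p in people
            if p["admin"] and norm(p["login"]) not in selected
        ),
    }


# Constructed sample data: a People export and a list of Google accounts.
PEOPLE = [
    {"login": "alice@example.com", "email": "alice@example.com", "admin": False},
    {"login": "bob", "email": "bob@example.com", "admin": False},
    {"login": "carol", "email": "carol@corp.example", "admin": False},
    {"login": "dave@example.com", "email": "dave@home.example", "admin": False},
    {"login": "erin", "email": "dave@example.com", "admin": False},
    {"login": "admin", "email": "admin@example.com", "admin": True},
]
GOOGLE = ["alice@example.com", "Bob@Example.com", "dave@example.com", "admin@example.com"]
SELECTED = ["alice@example.com", "bob", "carol", "dave@example.com", "erin"]

if __name__ == "__main__":
    for name, value in preflight(PEOPLE, GOOGLE, SELECTED).items():
        print(name, value)
```

How Agiloft resolves a Google address that matches two records is not stated on this page, so any `ambiguous` entry is worth resolving by hand before the reset.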

Logging into Agiloft using your Google account

Before completing the following steps:

  • The Agiloft KB must already be configured to support Google OAuth SSO.
  • Each user to be authenticated must have an email address or username in the OAuth Identity Provider, such as Google, which matches either the Login or Email Address of the user’s record in Agiloft.

Signing in with Google

  1. In your browser, enter the address of the OAuth 2.0 SSO Landing Page as follows: https://<SERVER NAME>/gui2/googleoauth.jsp, where <SERVER NAME> is the FQDN/IP Address of the Agiloft instance.
  2. Select appropriate values for Language, Project (KB), and Interface, then click Sign in with Google.
    Note: The Project/KB must have OAuth 2.0 configured.

  3. If you are not already signed in or authenticated, you will be prompted for the Google user name and password.
  4. Enter the Google ID that matches an Agiloft user, and a valid password.
    1. If you are logging in with Google OAuth 2.0 for the first time, you may be prompted with a consent screen as follows:
    2. Click on Accept to continue with the login. You will be redirected to your Agiloft knowledgebase.
    3. The PRODUCT NAME chosen during SSO setup will be shown to users on the login screen above.