Page tree
Skip to end of metadata
Go to start of metadata

Google OAuth 2.0 SSO

This short guide will assist you in configuring an Agiloft knowledgebase to use Google Single Sign-On (SSO).

Initial Administrator Setup

In order to complete the configuration steps, you need a Google account, typically a Gmail address, to log in to the Google Developer Console. You may use any Google account to set up your Agiloft/OAuth project; it does not have to be associated with an Agiloft user. The address should be the one that you intend to use within Agiloft to sign on and access Google Docs.

Step 1: Configuring the Google Developer Console

The following configuration steps are derived from the steps provided at https://developers.google.com/accounts/docs/OAuth2Login#appsetup. They are designed to help you integrate Google OAuth 2.0 SSO with Agiloft.

  1. Log in to the Google Developers Console using the Google account which was created for this purpose.
  2. Create a new project
    1. Click the drop-down at the top right and select Create a project. 
    2. In the next dialog box, enter a project name and click Create, then wait for project creation to finish. You will see the Project Dashboard when it is done.
  3. In the Use Google APIs section, click Enable and manage APIs.
    1. In the left pane of the API Manager window, click Credentials.
      If you wish to enable Google Docs integration with Agiloft, you can use the Drive API option in this window. This will be covered in more detail below.

    2. In the Credentials dialog, select the OAuth consent screen tab.
      1. Enter your Google Email address.
      2. Enter the Product name that will appear in the consent screen.
      3. Optionally, enter the URL for the logo of your Agiloft instance, which will appear in the consent screen.
      4. Click Save.
    3. Select the Credentials tab, and select Add credentials > OAuth 2.0 client ID.

    4. Select the Web application radio button.
      1. Optionally, enter a name for the web client.
      2. Leave the Authorized JavaScript origins field blank.
      3. In the Authorized redirect URIs field, enter the URL for your Agiloft instance as https://<SERVER NAME>/gui2/oauth20sso, where the SERVER NAME must be replaced by your Agiloft server FQDN/IP address. For example, https://example.com/gui2/oauth20sso.
      4. Save this URL, which will be used to create your OAuth profile in Agiloft.
      5. Click Create.
    5. In the OAuth client dialog, save the client ID and client secret values. You will need to input the same values in the OAuth 2.0 Configuration wizard in each Agiloft KB where you will use Google OAuth 2.0 based SSO.

Step 2: Enabling the Google Apps API

Complete this step if you plan to use Google Drive integration so that you can upload Google Docs to any file fields in Agiloft. The file field must also have Google Docs enabled.

To enable Google Docs for a file field, edit the field in question, and then in the Options tab of the field wizard, select Yes under Allow Google Documents.

  1. Navigate to the Overview window of the API Manager and click Drive API.
  2. Click Enable API.
  3. Optionally, navigate to the Drive UI Integration tab and configure the options for Google Drive integration with Agiloft.
  4. Exit the Google Developers Console.

Step 3: Configuring SSO in the Agiloft KB

As the admin user, log in to the Agiloft KB where you want to set up OAuth/Google SSO.

  1. Navigate to Setup > Access > Configure OAuth 2.0 Profiles and click New to create a new SSO profile.
    Note: Multiple profiles can be set up to manage the Google OAuth roles. This is important when enabling Google Drive integration.

  2. Leave the Use full OAuth account name checkbox selected.
  3. Enter a name for the OAuth 2.0 provider, such as Google.
  4. For The role of the OAuth 2.0 Provider, select OAuth20_SSO.
  5. Enter the following information in the remaining fields:
    1. Redirect URI: The Authorized redirect URI entered above.
    2. Client ID/Consumer Key: The client ID value provided above.
    3. Client/Consumer Secret: The client secret value provided above.
    4. Authentication URI: For Google OAuth 2.0 based SSO, enter https://accounts.google.com/o/oauth2/auth.
    5. Token URI: For Google OAuth 2.0 based SSO, enter https://accounts.google.com/o/oauth2/token
    6. Click Finish to save the OAuth 2.0 configuration.
  6. To allow users to sign into Agiloft using Google OAuth 2.0 based SSO, ensure that at least one of the following conditions is satisfied:
    1. The Login name of the Agiloft user is the same as the user’s Gmail account.
           or
    2. The Email Address of the Agiloft user is the same as the user’s Gmail account.
  7. To enable OAuth2.0 for your users when they click a hyperlink sent within an email, change the Hotlink Type global variable value to OAUTH20. You can do this on either the Admin Console or Power User interface.
  8. Log out as the admin user.

Once the above steps are completed, Agiloft users will be able to log in using their Google account.

Configuring Google Drive in the Agiloft KB

The steps to configure Google Drive integration in Agiloft are very similar to the above procedure. The only differences are:

  1. In the OAuth 2.0 Identity Provider Name field, enter GOOGLE APPS.
  2. For The role of this OAuth 2.0 Provider, select Google_APPS.
  3. This will create a Google Apps profile that will enable you to use Google Docs files within the Agiloft KB.

Logging into Agiloft using your Google account

Before completing the following steps:

  • The Agiloft KB must already be configured to support Google OAuth SSO.
  • Each user to be authenticated must have an email address or username in the OAuth Identity Provide such as Google, which matches either the Login or Email Address of the user’s record in Agiloft.

Signing in with Google

  1. In your browser, enter the address of the OAuth 2.0 SSO Landing Page as follows: https://<SERVER NAME>/gui2/googleoauth.jsp, where <SERVER NAME> is the FQDN/IP Address of the Agiloft instance.
  2. Select appropriate values for Language, Project (KB), and Interface, then click Sign in with Google.
    Note: The Project/KB must have OAuth 2.0 configured.

  3. If you are not already signed in or authenticated, you will be prompted for the Google user name and password.
  4. Enter your Google ID which matches an Agiloft user and valid password.
    1. If you are logging in with Google OAuth 2.0 for the first time, you may be prompted with a consent screen as follows:
    2. Click on Accept to continue with the login. You will be redirected to your Agiloft knowledgebase.
    3. The PRODUCT NAME chosen during SSO setup will be shown to users on the login screen above.

Agiloft