Setting up OpenID authentication on Google Workspace

You can allow users to log in to Haiilo with their Google Workspace credentials. To enable the login, you need to complete steps both in the Google and Haiilo Administration.

Generate Client ID and Secret in Google

You need super admin rights in your Google Workspace account to generate and obtain the required Client ID and Secret. 

Create a project

  1. Log in to the Google Cloud Platform.
  2. Go to Dashboard
  3. Select Create project or select your existing project > New project
  4. Enter a name for your project
  5. Select Create

Create an OAuth consent screen

  1. In the newly created project, select APIs & Services > OAuth Consent screen
  2. In User type, select Internal (only for your organization)
  3. Select Create
  4. Under App information, enter:
    • App name
    • User support email
    • App logo
  5. Under Authorized domains, add your Haiilo platform domain, e.g., subdomain.haiilo.app
  6. Under Developer contact information, enter a contact email at your company, e.g., for your IT department.
  7. Select Save and continue.
  8. Under Add or remove scopes, select:
    • /auth/userinfo.email
    • /auth/userinfo.profile
    • openid
  9. Select Update > Save and continue

Generate Client ID and Secret

  1. Select Credentials from the left menu
  2. Select Create credentials > OAuth client ID
  3. Under Application type, select Web application
  4. Enter a name for your client
  5. Under Authorized JavaScript origins, select Add URI.
  6. Add all possible URLs at which your platform can be reached, e.g., subdomain.haiilo.app
  7. Select Create
  8. Copy the Client ID and Client Secret

Keep the browser tab for Google Admin open, so you can add the request URL after setting up the connection in Haiilo.

Set up a new authentication provider in Haiilo

You need to have "Manage authentication providers" permission to set up an authentication provider in Haiilo.

  1. In Haiilo, go to Administration > Authentication
  2. Select Create authentication provider
  3. Enter a name. The name is displayed to users on the login screen after "Authenticate with".
  4. Select type OpenID Connect
  5. Check Active. You can also leave it unactivated for now and activate it only later when the setup is fully completed.
  6. Decide if you want to use automatic login, which automatically redirects to the identity provider after 3 seconds.
  7. Decide whether this authentication provider sends session emails for new logins.
  8. Select a preset:
    • Google IdP: Select if you're only using the basic Google integration features
    • Google IdP + Integration: Select if you're using the basic and add-on Google integration features. The setup instructions for using the add-on features can be found in the Activating the Google add-on features article.
  9. Input the Client ID that you copied from the Google Administration 
  10. Input the Client Secret that you copied from the Google Administration
  11. We recommend keeping the preset fields untouched.
  12. Select Save to create the authentication provider
  13. Select Edit on the newly created provider
  14. Copy the Redirect URL that appears at the bottom of the setup page

Update Redirect URL in Google

After configuring the authentication provider in Haiilo, you can add the redirect URL in the Google Administration.

  1. Under Authorized redirect URIs, paste the redirect URL from Haiilo
  2. Select Create

Was this article helpful?

0 out of 0 found this helpful