Google OAuth

SSO with G-Suite

Introduction

By integrating Google OAuth with Kubit’s Self-Service Analytics, every user in your organization can sign in to Kubit using their Google G-Suite credential. This Single Sign-On approach eliminates yet another set of username/password to be remembered, simplify user management, and also can improve security through G-Suite's Multi-Factor Authentication.

Requirements

  • Your organization uses Google G-Suite.
  • You have Admin role in G-suite.

JIT Provision

With SAML integration, once a user is created on your end (optionally included in a Security Group which has access to Kubit), that user can login to Kubit immediately. The user profile information will also be automatically updated at every login time.

When a user is deleted/deactivated on your end, they will lose access to Kubit immediately too. There is no offline communication required.

Configure Google OAuth

Step 1

  • Go to Google API Console
  • Choose an existing project or create a new project, call it "Kubit OAuth". Make sure to select the correct target Organization and Location. ‍
538538

Step 2

  • Switch to the newly created "Kubit OAuth" project. Click on "CONFIGURE CONSENT SCREEN"
797797

Step 3

  • Select "Internal" for User Type, click CREATE
600600

Enter the following information:
- App Information
- App name: Kubit
- User support email: select an internal email from your organization, like IT or support department.
- App Logo: please use this Kubit Logo

599599

App Domain:

600600

You don' t need to config any scopes. Just click "SAVE AND CONTINUE"

600600

Step 4

Go to Credentials, click on "CREATE CREDENTIALS", select "OAuth client ID"

643643 599599
  • Click CREATE. Copy "Your Client ID" and "Your Client Secret", then send them to Kubit team through a communicated secure channel (Slack, Google Hangout or Discord).
562562

Test Integration

  1. Only after Kubit inform you that the configuration is completed on their part, go to https://YOUR_ORG.kubit.ai
  2. At the login screen, start typing in your company email address.

📘

Login

The password field will disappear once the full email is entered.

  1. Click on "LOG IN" and use your company G-Suite credential to login.

References