Google OAuth
SSO with G-Suite
Introduction
By integrating Google OAuth with Kubit’s Self-Service Analytics, every user in your organization can sign in to Kubit using their Google G-Suite credential. This Single Sign-On approach eliminates yet another set of username/password to be remembered, simplify user management, and also can improve security through G-Suite's Multi-Factor Authentication.
Requirements
- Your organization uses Google G-Suite.
- You have Admin role in G-suite.
JIT Provision
With SAML integration, once a user is created on your end (optionally included in a Security Group which has access to Kubit), that user can login to Kubit immediately. The user profile information will also be automatically updated at every login time.
When a user is deleted/deactivated on your end, they will lose access to Kubit immediately too. There is no offline communication required.
Configure Google OAuth
Step 1
- Go to Google API Console
- Choose an existing project or create a new project, call it "Kubit OAuth". Make sure to select the correct target Organization and Location.
![624a17cf3c091d5b96ab2cea_image-png-May-18-2021-06-05-29-52-PM.png 538](https://files.readme.io/f48c84a-624a17cf3c091d5b96ab2cea_image-png-May-18-2021-06-05-29-52-PM.png)
Step 2
- Switch to the newly created "Kubit OAuth" project. Click on "CONFIGURE CONSENT SCREEN"
![624a17d0a572deb41b7fa075_image-png-Mar-10-2021-12-23-27-33-AM.png 797](https://files.readme.io/807655d-624a17d0a572deb41b7fa075_image-png-Mar-10-2021-12-23-27-33-AM.png)
Step 3
- Select "Internal" for User Type, click CREATE
![624a17cfa51dfba114739caa_image-png-Mar-10-2021-12-25-25-25-AM.png 600](https://files.readme.io/15526c1-624a17cfa51dfba114739caa_image-png-Mar-10-2021-12-25-25-25-AM.png)
Enter the following information:
- App Information
- App name: Kubit
- User support email: select an internal email from your organization, like IT or support department.
- App Logo: please use this Kubit Logo
![624a17cfe6c030d5be618dde_image-png-Mar-10-2021-12-33-27-28-AM.png 599](https://files.readme.io/e99d3b3-624a17cfe6c030d5be618dde_image-png-Mar-10-2021-12-33-27-28-AM.png)
App Domain:
- Application home page: https://YOUR-ORG.kubit.ai (provided by Kubit)
- Application privacy policy link: https://www.kubit.ai/privacy-policy
- Application terms of service link: https://www.kubit.ai/terms-of-service
- Authorized domains: kubit.ai
- Developer contact information: [email protected]
![624a17d0d128c7e33039543e_image-png-Mar-10-2021-12-37-38-67-AM.png 600](https://files.readme.io/4e472e1-624a17d0d128c7e33039543e_image-png-Mar-10-2021-12-37-38-67-AM.png)
You don' t need to config any scopes. Just click "SAVE AND CONTINUE"
![624a17d053b0ab5fdf0c9b48_image-png-Mar-10-2021-12-39-57-01-AM.png 600](https://files.readme.io/6fe08b0-624a17d053b0ab5fdf0c9b48_image-png-Mar-10-2021-12-39-57-01-AM.png)
Step 4
Go to Credentials, click on "CREATE CREDENTIALS", select "OAuth client ID"
![624a17d157c773678db37aff_image-png-Mar-10-2021-12-41-56-41-AM.png 643](https://files.readme.io/1b50e4b-624a17d157c773678db37aff_image-png-Mar-10-2021-12-41-56-41-AM.png)
- Select Application type: "Web application"
- Name: Kubit
- Authorized Javascript origins: https://auth.kubit.ai and https://kubit.auth0.com
- Authorized redirect URIs: https://auth.kubit.ai/login/callback and https://kubit.auth0.com/login/callback
![624a17d07b96d37f8310f9c7_image-png-Mar-11-2021-11-16-33-45-PM.png 599](https://files.readme.io/9e15235-624a17d07b96d37f8310f9c7_image-png-Mar-11-2021-11-16-33-45-PM.png)
- Click CREATE. Copy "Your Client ID" and "Your Client Secret", then send them to Kubit team through a communicated secure channel (Slack, Google Hangout or Discord).
![624a17d157c773beedb37afe_image-png-Mar-10-2021-12-51-21-76-AM.png 562](https://files.readme.io/6e0849c-624a17d157c773beedb37afe_image-png-Mar-10-2021-12-51-21-76-AM.png)
Test Integration
- Only after Kubit inform you that the configuration is completed on their part, go to https://YOUR_ORG.kubit.ai
- At the login screen, start typing in your company email address.
Login
The password field will disappear once the full email is entered.
- Click on "LOG IN" and use your company G-Suite credential to login.
References
Updated 5 months ago