SSO Using Google ENTERPRISE
This page explains how to configure Google and then configure Styra.
Google OpenID Connect Configuration
To prepare Google OpenID Connect for signing on to <das-id>.styra.com:
- Sign in to the Google Developers Console at https://console.developers.google.com/start
- Select an existing project or click Create Project to create a new one.
- From the left-hand navigation panel, click Credentials. Alternatively, search for Credentials in the search bar and choose Credentials APIs & Services.
- Click the Create Credentials button to open the contextual menu, and then click OAuth client ID.
- For Application type, select Web application.
- Enter the following details in the displayed form and click Create.
  - Name: Styra (or anything you prefer).
  - Authorized redirect URIs: https://<das-id>.styra.com/v1/oauth2/callback
- The OAuth client created window will pop up with two pieces of data, Your Client ID and Your Client Secret. You must record this information in order to configure Styra in the next section.
Styra Configuration
At this point, Google is configured and you must configure <das-id>.styra.com.
- Sign in to <das-id>.styra.com with your username and password.
- Go to your Workspace, click Access Control >> Single Sign-On Providers and then click OpenID Connect >> + Add OpenID Connect Provider.
- Fill in the form with the following details:
  - Provider name: Google (or anything you prefer).
  - Issuer URL: https://accounts.google.com
  - Client ID: Copy the Client ID value recorded in Step 6 of the previous section.
  - Client Secret: Copy the Client Secret value recorded in Step 6 of the previous section.
  - Allowed Domains: Type the allowed authentication domain(s) of your users. For example, retail.acme.com. If the identity provider supports multiple domains, only users with these domains are allowed to access the service.
  - Invited users only: If enabled, the authenticated user must have a pre-existing account in the service. If disabled, a new user account will be created just-in-time for any authenticated user, as long as the user's domain matches one of the allowed domains (and the identity provider has assigned this user to the Styra application).
  - Enabled: set it to TRUE.
- If you selected just-in-time provisioning for the users, you can now log out from <das-id>.styra.com and sign in again using Google. Google is now displayed on the <das-id>.styra.com login screen above the username and password.
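The combined effect of Allowed Domains and Invited users only on a sign-in, modelled as an added example that is not Styra's code. `ProviderConfig`, `sign_in_decision`, the sample addresses and the exact, case-insensitive domain match are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProviderConfig:
    """Hypothetical model of two form fields above (not Styra's schema)."""
    allowed_domains: frozenset
    invited_users_only: bool


def email_domain(email: str) -> str:
    """Lower-cased domain part of an address, or '' if it is malformed."""
    local, sep, domain = email.strip().rpartition("@")
    return domain.lower() if sep and local and domain else ""


def sign_in_decision(cfg: ProviderConfig, email: str, existing_users: set) -> str:
    """Outcome for a user Google has already authenticated:
    'deny', 'login' (existing account) or 'create' (just-in-time account)."""
    allowed = {d.lower() for d in cfg.allowed_domains}
    # Assumption: the whole domain must match exactly; suffix or substring
    # matching would also admit look-alike domains.
    if email_domain(email) not in allowed:
        return "deny"
    if email.strip().lower() in existing_users:
        return "login"
    return "deny" if cfg.invited_users_only else "create"


# Constructed sample data: one pre-existing account, one allowed domain.
EXISTING = {"alice@retail.acme.com"}
JIT = ProviderConfig(frozenset({"retail.acme.com"}), invited_users_only=False)
INVITED = ProviderConfig(frozenset({"retail.acme.com"}), invited_users_only=True)
SAMPLE_LOGINS = [
    "alice@retail.acme.com",             # already has an account
    "Bob@Retail.ACME.com",               # allowed domain, no account yet
    "carol@corp.acme.com",               # different domain of the same IdP
    "dave@notretail.acme.com",           # substring look-alike
    "erin@retail.acme.com.example.net",  # allowed domain used as a prefix
]

if __name__ == "__main__":
    for email in SAMPLE_LOGINS:
        print(f"{email:34} JIT={sign_in_decision(JIT, email, EXISTING):7}"
              f"invited-only={sign_in_decision(INVITED, email, EXISTING)}")
```

With Invited users only disabled, every address in an allowed domain ends up with an account, so the Allowed Domains list is the only gate in that mode.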
Invite Users to Styra (Optional)
If you configured <das-id>.styra.com to allow only invited users to log in to the service, then you must create users on <das-id>.styra.com. You can add or invite users through the following options:
- Using the CLI.
- Using the GUI.
- Any client calling the Styra CLI API.