Setting up SSO with Google Workspace
This guide walks you through the setup process for enabling Single Sign-On (SSO) for your instance with Google Workspace. Once the SSO is configured for your instance, users will be redirected to your configured Google Workspace domain to complete the login.
We support SSO login to cptn.io instance using OAuth/OpenID Connect (OIDC).
Setup Instructions
In cptn.io instance
- Login to your cptn.io instance.
- Navigate to Settings page from left nav.
- Click Single Sign-On tab on the page.
- A SSO Configuration page will be displayed.
- Copy the Redirect URI shown for your instance. This URL will be used for defining configuration in your identity provider.
In Google Workspace
- Login to your Google console and create a new project.
- Navigate to OAuth consent screen. Ensure that correct project is selected.
- Select User Type as Internal
- Provide an App name. e.g. cptn-prod
- Provide the base domain where you have hosted your cptn.io instance as an Authorized domain.
- Provide other required information on the form.
- Click Save and Continue
- Click Add OR Remove Scopes
- Select openid, profile, email scopes from the list in the flyout panel.
- Click Update on the flyout panel.
- Click Save and Continue
- Verify the configuration is valid in the Summary page.
- Navigate to Google Console Credentials page.
- Click Create Credentials and select OAuth Client ID.
- Provide your base domain as Authorized JavaScript origins. For example, if you are hosting your instance at https://demo.example.com, provide this domain url as the value.
- Provide the previously copied Redirect URI as Authorized redirect URIs.
- Click Create button
- Copy the generated Client ID and Client Secret values.
Back in cptn.io instance
- Login to your cptn.io instance.
- Navigate to Settings page from left nav.
- Click Single Sign-On tab on the page.
- A SSO Configuration page will be displayed.
- Provide the Client ID copied from Google Console.
- Provide the Client Secret copied from Google Console.
- Provide OIDC Configuration Well-Known URL for your Google Workspace. The Well-Known URL for Google Workspaces is
https://accounts.google.com/.well-known/openid-configuration
.
8. Toggle Active to ON. 9. Leave Allow login only with SSO to OFF for now until the SSO configuration is tested. 10. To support creating users on your cptn.io instance on first login via SSO, set Auto Create User on Login to ON. 11. Click Save Changes
The SSO configuration is now complete. You can now logout and try logging using your SSO credentails.
Once you confirm that the SSO based login is successful, remember to update the SSO configuration to set Allow login only with SSO to ON to disable Password-based login to your instance.