Google Workspace
Read about Avion's SSO integration with a Google Workspace.
Avion supports Single Sign-On using Google Workspace and Cloud Identity through the generic OpenID connector. This guide will walk you through how to configure a Google Cloud Project and obtain the necessary configuration settings required for the integration.
Step 1: Choose your SSO provider
In Avion, go to your organization's Single Sign-On section. Select OpenID Connect from the list of available providers:
Step 2: Obtain OAuth 2.0 Credentials
We need to setup a new Google Cloud Project with OpenID configured as a credential so that we can obtain the following settings:
Client ID
Client Secret
Authorization Endpoint
Token Endpoint
UserInfo Endpoint
Step 2.1: Create a Google Cloud Project
Go to your Google Developer Console dashboard for APIs & Services: https://console.cloud.google.com/apis/dashboard
Click Create project
Complete the form, ensuring you set the Project name to Avion
![](https://help.avion.io/~gitbook/image?url=https%3A%2F%2F3578170569-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-LL6HR00hwiJJav4pLph%252Fuploads%252FTG8JuyEHoLdjmr5tTpsF%252Fgoogle-workspace-new-project.png%3Falt%3Dmedia%26token%3D879e0779-b8d8-432c-8a8a-2d12986e6956&width=768&dpr=4&quality=100&sign=a69bafb5&sv=1)
Step 2.2: Configure OAuth consent screen
Under your chosen project, select OAuth consent screen from the left-hand menu
Choose Internal as the User Type to ensure only users within your Google Workspace organisation can authenticate
Click Create
![](https://help.avion.io/~gitbook/image?url=https%3A%2F%2F3578170569-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-LL6HR00hwiJJav4pLph%252Fuploads%252FLWT3St1xON7BYp57hdla%252Fgoogle-workspace-consent-screen.png%3Falt%3Dmedia%26token%3D3eb6712a-9eaf-45ea-8b4b-2ff71811cbdb&width=768&dpr=4&quality=100&sign=4131b59b&sv=1)
On the following App information screen, set the following values:
App name: Avion
Support email: Select appropriate option from dropdown
App logo: Download the logo below and upload
Application home page: https://www.avion.io
Authorized domains: avion.io
Developer contact email: Enter your IT team's email address
Click Save and continue
![](https://help.avion.io/~gitbook/image?url=https%3A%2F%2F3578170569-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-LL6HR00hwiJJav4pLph%252Fuploads%252Fb88JhXpPFXkxuLeKBCR0%252FXnapper-2023-02-22-15.21.24.png%3Falt%3Dmedia%26token%3Dc4a7907b-66ba-40ac-9449-fedbf05ad398&width=768&dpr=4&quality=100&sign=ba493b16&sv=1)
On the next screen, add the following scopes, then click Update:
userinfo.email
userinfo.profile
openid
![](https://help.avion.io/~gitbook/image?url=https%3A%2F%2F3578170569-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-LL6HR00hwiJJav4pLph%252Fuploads%252Fz2zT8AQ38cuqPS5D6sok%252Fgoogle-workspace-scopes.png%3Falt%3Dmedia%26token%3D37f33490-72bd-4863-bac7-bf75ee8de9ea&width=768&dpr=4&quality=100&sign=2f2adb42&sv=1)
Finally, click Save and continue
Step 2.3: Create OAuth client
From the Credentials screen, click Create credentials and select OAuth client ID
![](https://help.avion.io/~gitbook/image?url=https%3A%2F%2F3578170569-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-LL6HR00hwiJJav4pLph%252Fuploads%252F6RM1jqvexSnimF2Y6I1P%252Fgoogle-workspace-create-creds.png%3Falt%3Dmedia%26token%3De3fc66b7-e3d6-49de-8286-269b4789160d&width=768&dpr=4&quality=100&sign=1d4a6f7e&sv=1)
On the next screen, set the following values:
Application type: Web application
Name: Avion
Authorized redirect URIs: https://auth.app.avion.io
Click Create
Note down the Client ID and Client secret
![](https://help.avion.io/~gitbook/image?url=https%3A%2F%2F3578170569-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-LL6HR00hwiJJav4pLph%252Fuploads%252FwHzrQlTVIEpneqTtErCW%252Fgoogle-workspace-oauth-client-values.png%3Falt%3Dmedia%26token%3D2599d247-0e5b-459d-9cb0-f6f144420b30&width=768&dpr=4&quality=100&sign=1f30714f&sv=1)
Step 3: OpenID Connect setup form
Now all that's left to do is configure our OpenID Connect integration using the values obtained from Step 2 above:
Client ID: use value obtained from Step 2
Client secret: use value obtained from Step 2
Auth endpoint: https://accounts.google.com/o/oauth2/auth
Token endpoint: https://www.googleapis.com/oauth2/v3/token
UserInfo endpoint: https://www.googleapis.com/oauth2/v3/userinfo
Once you have populated the setup form with the relevant details, hit Save Configuration and you're done!
![](https://help.avion.io/~gitbook/image?url=https%3A%2F%2F3578170569-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-LL6HR00hwiJJav4pLph%252Fuploads%252F0eS6GxVzli7tGDTD2dFW%252Fgoogle-workspace-avion-sso-form.png%3Falt%3Dmedia%26token%3Dbeaea3f0-96e3-4de2-bbb4-c2bf6b8c6d23&width=768&dpr=4&quality=100&sign=770e64bf&sv=1)
Last updated