Google Workspace

Avion supports Single Sign-On using Google Workspace and Cloud Identity through the generic OpenID connector. This guide will walk you through how to configure a Google Cloud Project and obtain the necessary configuration settings required for the integration.

Step 1: Choose your SSO provider

In Avion, go to your organization's Single Sign-On section. Select OpenID Connect from the list of available providers:

Step 2: Obtain OAuth 2.0 Credentials

We need to setup a new Google Cloud Project with OpenID configured as a credential so that we can obtain the following settings:

• Client ID

• Client Secret

• Authorization Endpoint

• Token Endpoint

• UserInfo Endpoint

Step 2.1: Create a Google Cloud Project

1. Go to your Google Developer Console dashboard for APIs & Services: https://console.cloud.google.com/apis/dashboard

2. Click Create project

3. Complete the form, ensuring you set the Project name to Avion

Step 2.2: Configure OAuth consent screen

1. Under your chosen project, select OAuth consent screen from the left-hand menu

2. Choose Internal as the User Type to ensure only users within your Google Workspace organisation can authenticate

3. Click Create

On the following App information screen, set the following values:

1. App name: Avion

2. Support email: Select appropriate option from dropdown

3. App logo: Download the logo below and upload

1. Application home page: https://www.avion.io

2. Authorized domains: avion.io

3. Developer contact email: Enter your IT team's email address

4. Click Save and continue

1. On the next screen, add the following scopes, then click Update:

   1. userinfo.email

   2. userinfo.profile

   3. openid

1. Finally, click Save and continue

Step 2.3: Create OAuth client

1. From the Credentials screen, click Create credentials and select OAuth client ID

1. On the next screen, set the following values:

   1. Application type: Web application

   2. Name: Avion

   3. Authorized redirect URIs: https://auth.app.avion.io

2. Click Create

3. Note down the Client ID and Client secret

Step 3: OpenID Connect setup form

Now all that's left to do is configure our OpenID Connect integration using the values obtained from Step 2 above:

1. Client ID: use value obtained from Step 2

2. Client secret: use value obtained from Step 2

3. Auth endpoint: https://accounts.google.com/o/oauth2/auth

4. Token endpoint: https://www.googleapis.com/oauth2/v3/token

5. UserInfo endpoint: https://www.googleapis.com/oauth2/v3/userinfo

Once you have populated the setup form with the relevant details, hit Save Configuration and you're done!