Skip to main content
All CollectionsAdministrationEnterprise Authentication
Enterprise Authentication - Google Workspace Setup
Enterprise Authentication - Google Workspace Setup

Integrate Astrato enterprise authentication with Google Workspace

Piers Batchelor avatar
Written by Piers Batchelor
Updated over 2 weeks ago

Introduction

This article shows you how to connect Google Workspace to the Astrato enterprise authentication function.


Helpful Links

Setup Information

The setup process has several stages, so we've listed them here. The instructions for each stage include aĀ ChecklistĀ listing any information you need to enter and any information you'll need to collect to complete the setup.Ā 

  • Google Workspaceā€”The setup begins in theĀ Google Cloud Console, where you'll need to create or open aĀ Project, add aĀ Google OAuth consent screenĀ for authorization, create authorizationĀ Credentials,Ā and enable theĀ APIsĀ you need to use.Ā 

  • Astratoā€”The integration setup with Astrato is managed in the Google WorkspaceĀ SetupĀ page, which is located in theĀ Enterprise AuthenticationĀ section of theĀ AdministrationĀ pages. You'll need to enter a Connection Name, Workspace Name, Client ID,and Client Secret.Ā 

Google Workspace

Checklist

  • Access to the Google Cloud Console for your organization.

  • Your organization name and location.

  • App links - home page, domain, privacy policy, terms of service, authorization provider.

  • TheĀ Sign out redirect URIĀ andĀ ScopesĀ are listed on theĀ SetupĀ page for Google Workspace in Astrato. You'll also need the browser request authentication URL.
    ā€‹

Project

  1. In the console's top bar, clickĀ Select a ProjectĀ to open the project screen

  2. If you're working from an existing project, select it and click Open.

  3. If you need to work from a new project, click New Project, then enter a project name, and select your organization and location, then click Create.

    Important: The project name and organization cannot be changed.

  4. You'll be taken to the project Dashboard when the projectĀ opens or is created. Click "Go to project settings"Ā to proceed to the next stage.Ā 

Google OAuth Consent Screen

Note: You must create a separate consent screen for each project. The Learn panel on the right provides more information about the consent screen.Ā 

  • In the project settings, open the navigation menu (the top left button on the screen).

  • Click on APIs and Services

  • Select OAuth Consent Screen from the dropdown.

Project configuration

* This step is done once for the whole project when the first Auth client is defined.

  • App Information-

    fill in the needed information and click next.

  • Audience

    Set the Audiecen to Internal and click next.

  • Contact Information

    Fill in the contact information and click next.

  • Finish

    Agree to the usage term, click continue, and then create.
    ā€‹

ā€‹

Define A Client Application

  • In the new side menu, click on clients and create client.

  • Select Web application as the application type.

  • Fill in the Additional Information:

    • Name- give the application a name

    • Authorized redirect URIs- paste the URL you gathered in the checklist step.

    • Click Create.

Add Scopes

  • Navigate to the Data Access tab in the left menu bar.
    ā€‹

  • Click on Add or Remove Scopes

  • Select the openid, email, and profile scopes, then click update.
    ā€‹

Enable API

In this step, we'll enable the APIs needed for the integration

  • In the dashboard, selectĀ APIs & ServicesĀ andĀ chooseĀ LibraryĀ from the dropdown.

  • When the library screen opens, search for Google Drive.

  • Click Enable to register the API. When the process completes you'll see a confirmation screen.

  • Repeat steps 3 and 4 for the Google Sheets API.

Client Secret and ID

  • The last step is to obtain the Client Secret and Client ID for setting up the integration in Astrato

  • In the left menu bar, select the Clients option and click on the client created in a previous step.
    ā€‹

  • Obtain the Client Secret and Client ID from the next screen.

Astrato

Checklist

  • Your Google Workspace domain name.

  • The Client ID and Client Secret created in the Google Cloud Console

Setup Page

  • Login to the Astrato site.

  • Navigate to the Google Workspace integration page using

    Administration > Enterprise Authentication > Google Workspace (Figure 7).

Figure 7: Google Workspace

Open the Setup page (Figure 8), and enter the configuration information:

  1. Connection name - this should be unique.

  2. Google Workspace domain - this should match the domain you entered in the project settings.

  3. Client ID - enter the value generated in Google cloud.

  4. Client secret - enter the value generated in Google cloud.

  5. Click Create to save the setup details. You should receive a confirmation that the connection has been enabled.

Figure 8: Astrato Set Up

One More Step Required

TheĀ "One more step required"Ā button appears at the top of the configuration screen (Figure 9). When the account screen opens, click to select the account you want to use. If the authorization is successful, you'll be taken to the confirmation screen. Close the window to return to the workspace.Ā 

Figure 9: One More Step Required

Delete

If you need to delete the connection, go to the bottom of the page, clickĀ Delete,Ā and confirm the deletion when the pop-up opens (Figure 10). Once the connection has been deleted, theĀ ConnectĀ option will appear again.Ā 

Figure 10: Delete Connection

SSO Login

Once the connection setup is complete, your users will have to login to Astrato using the SSO Screen. Any logins from other locations (e.g. LinkedIn) will return an error.

Enterprise Authentication Articles

The Administration articles collection includes articles on enterprise authentication, including anĀ IntroductionĀ and setup articles for other integrations.Ā 

Did this answer your question?