Introduction
This article shows you how to connect Google Workspace to the Astrato enterprise authentication function.
Helpful Links
Setup Information
The setup process has several stages, so we've listed them here. The instructions for each stage include aĀ ChecklistĀ listing any information you need to enter and any information you'll need to collect to complete the setup.Ā
Google WorkspaceāThe setup begins in theĀ Google Cloud Console, where you'll need to create or open aĀ Project, add aĀ Google OAuth consent screenĀ for authorization, create authorizationĀ Credentials,Ā and enable theĀ APIsĀ you need to use.Ā
AstratoāThe integration setup with Astrato is managed in the Google WorkspaceĀ SetupĀ page, which is located in theĀ Enterprise AuthenticationĀ section of theĀ AdministrationĀ pages. You'll need to enter a Connection Name, Workspace Name, Client ID,and Client Secret.Ā
Google Workspace
Checklist
Access to the Google Cloud Console for your organization.
Your organization name and location.
App links - home page, domain, privacy policy, terms of service, authorization provider.
TheĀ Sign out redirect URIĀ andĀ ScopesĀ are listed on theĀ SetupĀ page for Google Workspace in Astrato. You'll also need the browser request authentication URL.
ā
Project
In the console's top bar, clickĀ Select a ProjectĀ to open the project screen
If you're working from an existing project, select it and click Open.
If you need to work from a new project, click New Project, then enter a project name, and select your organization and location, then click Create.
Important: The project name and organization cannot be changed.
You'll be taken to the project Dashboard when the projectĀ opens or is created. Click "Go to project settings"Ā to proceed to the next stage.Ā
Google OAuth Consent Screen
Note: You must create a separate consent screen for each project. The Learn panel on the right provides more information about the consent screen.Ā
In the project settings, open the navigation menu (the top left button on the screen).
Click on APIs and Services
Select OAuth Consent Screen from the dropdown.
Project configuration
* This step is done once for the whole project when the first Auth client is defined.
Audience
Set the Audiecen to Internal and click next.
Contact Information
Fill in the contact information and click next.
Finish
Agree to the usage term, click continue, and then create.
ā
ā
Define A Client Application
In the new side menu, click on clients and create client.
Select Web application as the application type.
Fill in the Additional Information:
Add Scopes
Navigate to the Data Access tab in the left menu bar.
āClick on Add or Remove Scopes
Select the openid, email, and profile scopes, then click update.
ā
Enable API
In this step, we'll enable the APIs needed for the integration
In the dashboard, selectĀ APIs & ServicesĀ andĀ chooseĀ LibraryĀ from the dropdown.
When the library screen opens, search for Google Drive.
Click Enable to register the API. When the process completes you'll see a confirmation screen.
Repeat steps 3 and 4 for the Google Sheets API.
Client Secret and ID
The last step is to obtain the Client Secret and Client ID for setting up the integration in Astrato
In the left menu bar, select the Clients option and click on the client created in a previous step.
āObtain the Client Secret and Client ID from the next screen.
Astrato
Checklist
Your Google Workspace domain name.
The Client ID and Client Secret created in the Google Cloud Console
Setup Page
Login to the Astrato site.
Navigate to the Google Workspace integration page using
Administration > Enterprise Authentication > Google Workspace (Figure 7).
Figure 7: Google Workspace
Open the Setup page (Figure 8), and enter the configuration information:
Connection name - this should be unique.
Google Workspace domain - this should match the domain you entered in the project settings.
Client ID - enter the value generated in Google cloud.
Client secret - enter the value generated in Google cloud.
Click Create to save the setup details. You should receive a confirmation that the connection has been enabled.
Figure 8: Astrato Set Up
One More Step Required
TheĀ "One more step required"Ā button appears at the top of the configuration screen (Figure 9). When the account screen opens, click to select the account you want to use. If the authorization is successful, you'll be taken to the confirmation screen. Close the window to return to the workspace.Ā
Figure 9: One More Step Required
Delete
If you need to delete the connection, go to the bottom of the page, clickĀ Delete,Ā and confirm the deletion when the pop-up opens (Figure 10). Once the connection has been deleted, theĀ ConnectĀ option will appear again.Ā
Figure 10: Delete Connection
SSO Login
Once the connection setup is complete, your users will have to login to Astrato using the SSO Screen. Any logins from other locations (e.g. LinkedIn) will return an error.
Enterprise Authentication Articles
The Administration articles collection includes articles on enterprise authentication, including anĀ IntroductionĀ and setup articles for other integrations.Ā