Google Auth Module

Google authentication module allows users to log in to Space with their Google credentials: email address and password.

Enable Google authentication

The setup is performed in four steps, on the both Space and Google sides:

Get a Redirect URI from Space. This URI is generated by Space to identify the source of each login request to Google.
Enable Google People API.
Using the Redirect URI, generate a Client ID and Secret in the Google API Manager. Every login request sent from Space to Google includes a unique identifier. The ID and secret you store in the authentication module tell Google that each login request is authorized.
Provide the Client ID and Secret to Space and enable the Auth Module. When you have generated the Client ID and Secret in the Google API Manager, provide these values to Space and enable the Google Auth Module.

Log in to Space as a System Administrator.
On the main menu, click Administration and choose Auth Modules.
Click New auth module. The New Auth Module dialog opens.
From the Type drop-down list, select Google.
Copy the redirect URI that is displayed on the form under the Client ID field.
Click the link to access the Google API Manager. It will open in a new browser tab.
Log in to your Google account (if not already). The Google API Manager page will open.

On the Google API Manager page, select or create a project.
On the left, select Credentials.
From the Create credentials drop-down list, select OAuth client ID.
- The Create client ID page opens.
Click the Configure consent screen button.
On the OAuth consent screen page, enter a product name (Space) and click the Save button.
- You are redirected to the Create client ID page.
For the Application type, select Web application.
- Additional input fields for defining the client ID are shown.
In the Authorized redirect URIs field, paste the redirect URI you copied from the Google Auth Module page in Space.
Click the Create button.
- Google generates the credentials (client ID and secret) you need and displays them in a pop-up window.

Copy the client ID from Google and paste it into the Client ID input field on the Google Auth Module form in Space.
Copy the client secret from Google and paste it into the Client Secret input field on the Google Auth Module form in Space.
Configure the optional settings for the authentication module.
Switch the module status to Active.
- The Google authentication module is enabled.
- The Google icon is added to the login dialog window. Users can click this icon to authenticate and log in to Space with their Google accounts.

Setting	Description
Type	Name of the application or service that handles third-party authentication.
Status	Choose Active to enable the module.
Key	A unique identifier of the module. Keep the default key or specify a new one.
Name	A human-readable name to distinguish this module from other authentication modules in the Auth Modules list. Keep the default name or enter a new one.
Client ID	Stores the identifier Google uses to validate a login request. This value is generated in the Google API Manager when you configure the authorization settings for a web application and enter the redirect URI copied from Space.
Client Secret	Stores the secret or password used to validate the client ID. This value is generated in the Google API Manager along with the client ID.
User registration	On — Accounts in the Space organization will be created automatically for unregistered users who log in using Google authentication module. Off — Google logins will be only available to users who already have an account in the Space organization.
Restrict authentication to users with email addresses from the specified domains	When enabled, only the users with email addresses from the domain(s) you specified will be able to log in. Specify one or more allowed domains, e.g. `@gmail.com` or `@mycompany.com`.

Last modified: 07 July 2023