Google Auth Module
Google authentication module allows users to log in to Space with their Google credentials: email address and password.
Enable Google authentication
The setup is performed in three steps, on both Space and Google side:
Get a Redirect URI from Space. This URI is generated by Space to identify the source of each login request to Google.
Using the Redirect URI, generate a Client ID and Secret in the Google API Manager. Every login request sent from Space to Google includes a unique identifier. The ID and secret you store in the authentication module tell Google that each login request is authorized.
Provide the Client ID and Secret to Space and enable the Auth Module. When you have generated the Client ID and Secret in the Google API Manager, provide these values to Space and enable the Google Auth Module.
Get a redirect URI from the Google Auth Module in Space:
Log in to Space as a System Administrator.
On the navigation bar, click Administration and choose Auth Modules.
Click New auth module. The New Auth Module dialog opens.
From the Type drop-down list, select Google.
Copy the redirect URI that is displayed on the form under the Client ID field.
Click the link to access the Google API Manager. It will open in a new browser tab.
Log in to your Google account (if not already). The Google API Manager page will open.
Enable Google People API
On the Google API Manager page, choose Library from the left-hand menu.
On the API Library page, scroll down and choose Google People API
On the Google People API page, click Enable.
Generate a Client ID and Secret in the Google API Manager
On the Google API Manager page, select or create a project.
On the left, select Credentials.
From the Create credentials drop-down list, select OAuth client ID.
The Create client ID page opens.
Click the Configure consent screen button.
On the OAuth consent screen page, enter a product name (Space) and click the Save button.
You are redirected to the Create client ID page.
For the Application type, select Web application.
Additional input fields for defining the client ID are shown.
In the Authorized redirect URIs field, paste the redirect URI you copied from the Google Auth Module page in Space.
Click the Create button.
Google generates the credentials (client ID and secret) you need and displays them in a pop-up window.
Provide the credentials and enable the Google Auth Module in Space
Copy the client ID from Google and paste it into the Client ID input field on the Google Auth Module form in Space.
Copy the client secret from Google and paste it into the Client Secret input field on the Google Auth Module form in Space.
Configure the optional settings for the authentication module.
Switch the module status to Active.
The Google authentication module is enabled.
The Google icon is added to the login dialog window. Users can click this icon to authenticate and log in to Space with their Google accounts.
Google authentication settings
|Type||Name of the application or service that handles third-party authentication.|
|Status||Choose Active to enable the module.|
|Key||A unique identifier of the module. Keep the default key or specify a new one.|
|Name||A human-readable name to distinguish this module from other authentication modules in the Auth Modules list. Keep the default name or enter a new one.|
|Client ID||Stores the identifier Google uses to validate a login request. This value is generated in the Google API Manager when you configure the authorization settings for a web application and enter the redirect URI copied from Space.|
|Client Secret||Stores the secret or password used to validate the client ID. This value is generated in the Google API Manager along with the client ID.|
On — Accounts in the Space organization will be created automatically for unregistered users who log in using Google authentication module.
Off — Google logins will be only available to users who already have an account in the Space organization.
|Restrict authentication to users with email addresses from the specified domains|
When enabled, only the users with email addresses from the domain(s) you specified will be able to log in.
Specify one or more allowed domains, e.g.