Google Workspace (oAuth)
Last updated
Last updated
Google integration allows to connect Cusna with your Google Workspace account to let user self-onboard via the WiFi Portal. When relyon og Google as IdP, Cusna support two main onboardign workflows:
Google SSO: users are redirected to your organization Google authenticaiton screen
Passwordless identification: users enters their email address and if it is present in your Google directory and authroized, the user receives a magic link on his email to access the WiFi Portal
You need a Google Cloud account and a Project.
If you do not have an existing project suitable for this purpose, start by creating a new project. Form the main dashboard, click the menu next to the Google Cloud logo and select "+ New Project".
Once you have a Project, make sure it is selected in the main dropdown next to the Google Cloud logo.
Next, go to API & Services and open OAuth consent screen to configure the consent screen.
In the first step of the OAuth consent screen dialog, select Internal as User Type.
Next, fill in all the information about app name, privacy policy and terms, app domain and logo. In this section, in the Authorized domains section, insert:
cusna.io
In the second step of the wizard, Scopes, add the following scopes by clicking "Add or Remove Steps":
/auth/userinfo.email
/auth/userinfo.profile
Usually, you'll find these Scopes at the beginning of the list of scopes that appears on the right panel.
Once selected, click Update and they will be listed in the main screen in the table "Your non-sensitive scopes".
Once finalized the configuration of the OAuth consent screen, go to API & Services and open Credentials.
Select "+ Create Credentials" and pick "OAuth client ID".
The Create OAuth client ID page appears. For Application type select Web application. Define a Name that users will see in the authentication screen.
In Authorized JavaScript origins enter the following list of values:
In Authorized redirect URIs, enter the following list of values:
At the end of the process, select the credential you just created in the main page to view its details. On the right side of the page find a copy:
Client ID
Client secret
You'll need the Client ID and Client secret later to finalize the setup in the Cusna dashboard.
Finally make sure to have enabled the proper API services. Go to Enabled APIs & Services and make sure to have in the list:
Admin SDK APIs
If this API is not in your list, click + Enable APIs & Services and in the new page find and enable Admin SDK APIs.
Go to Setup > Integrations and click New Integrations in the Identity Providers card. Select Google Account.
Enter your Google Cloud domain in the Domain filed.
Fill the Client ID and Client secret inputs with the values created in the step above.
A User with Google Admin permissions needs to click on the Setup button to authorize the app.
On click, a new widows opens up int he browser, where the user is redirected to login with Google and then to accept the required permissions and scopes on behalf of the organization.
The app requires permissions that not all Google users in your organizations might have. We advise that the same user who initialized the app in the Google Cloud console also to complete this step.
Once the Google integration is complete, go to Setup, General in the Access Control & Onboarding card.
Here you can configure advances options such as:
Label for the button that appears in the WiFi Portal
Configure Group Mapping rules
Enable access only for users that belong to one of the mapped groups