Google Workspace (oAuth)
Last updated
Was this helpful?
Last updated
Was this helpful?
Google integration allows to connect Cusna with your Google Workspace account to let user self-onboard via the WiFi Portal. When relyon og Google as IdP, Cusna support two main onboardign workflows:
Google SSO: users are redirected to your organization Google authenticaiton screen
Passwordless identification: users enters their email address and if it is present in your Google directory and authroized, the user receives a magic link on his email to access the WiFi Portal
You need a Google Cloud account and a Project.
If you do not have an existing project suitable for this purpose, start by creating a new project. Form the main dashboard, click the menu next to the Google Cloud logo and select "+ New Project".
Once you have a Project, make sure it is selected in the main dropdown next to the Google Cloud logo.
Next, go to API & Services and open OAuth consent screen to configure the consent screen.
Click Get Started to launch the setup wizard.
In the first screen App Information, enter a Name for your App (e.g. "Cusna") and select a support email.
In the second step, Contact Information, enter an email address.
Go to the last step to access the terms and Create the App,
On the left sidebar, select Branding.
Fill in the required data about privacy policy and terms, app logo. Scroll the page until you find the Authorized domains section and enter your company domain ("company.com")
Click Save at the bottom of the page to save settings.
On the left sidebar, select Data Access. Add the following scopes by clicking "Add or Remove Steps":
/auth/userinfo.email
/auth/userinfo.profile
Usually, you'll find these Scopes at the beginning of the list of scopes that appears on the right panel.
On the left sidebar, select Clients.
Select "+ Create Credentials" and pick "OAuth client ID".
The Create OAuth client ID page appears. For Application type select Web application. Define a Name that users will see in the authentication screen.
In Authorized JavaScript origins enter the following list of values:
In Authorized redirect URIs, enter the following list of values:
At the end of the process, a dialog will show you the credentials you've just created. Copy the Client ID and Client Secret, as you'll need them in the next steps to finalize the setup in the Cusna dashboard.
Finally make sure to have enabled the proper API services. Go to Enabled APIs & Services form the main sidebar menu.
Make sure to have in the list:
Admin SDK APIs
If this API is not in your list, click + Enable APIs & Services and in the new page find and enable Admin SDK APIs.
Go to Setup > Integrations and click New Integrations in the Identity Providers card. Select Google Account.
Enter your Google Cloud domain in the Domain filed.
Fill the Client ID and Client secret inputs with the values created in the step above.
A User with Google Admin permissions needs to click on the Setup button to authorize the app.
On click, a new widows opens up int he browser, where the user is redirected to login with Google and then to accept the required permissions and scopes on behalf of the organization.
Once the Google integration is complete, go to Setup, General in the Access Control & Onboarding card.
Here you can configure advances options such as:
Label for the button that appears in the WiFi Portal
Enable access only for users that belong to one of the mapped groups
In the second step, Audience, select Internal and click Next.
Once selected, click Update and they will be listed in the main screen in the table "Your non-sensitive scopes".
Configure rules
