Google

Introduction

Integrating Google as your Single Sign-On (SSO) provider enables users to authenticate with their Google accounts, ensuring secure and streamlined access to Devtron. This document walks you through setting up Google SSO in Devtron, ensuring users can log in smoothly.

Prerequisites

To configure Google SSO in Devtron, you will need:

• Super Admin permissions

  • Only a Super-Admin can configure SSO. If you are setting up SSO for the first time, use Admin Credentials instead.

• A Google Cloud account to create and manage OAuth credentials. If you don’t have one, you must create it at the Google Cloud Console.

Get the Redirect URI from Devtron

Before configuring Google as an SSO provider,

• Ensure that the Host URL is correctly configured in Devtron. This is crucial because the Redirect URI is generated based on the Host URL.

• You need to retrieve the Redirect URI from Devtron, which will be required in Google Cloud while setting up OAuth credentials.

  • Log in to Devtron.

  • Navigate to Global Configurations → SSO Login Services.

  • Select Google as the authentication provider.

  • Enter the Host URL in the URL field. (This is essential to generate the correct Redirect URI.)

  • Copy the Redirect URI displayed in this section. You will need to enter this in Google Cloud.

Configure OAuth in Google Cloud Console

The next step is to configure OAuth credentials in Google Cloud Console. This involves creating a Google OAuth Client ID and Client Secret, which will be used in Devtron for authentication.

To set up OAuth, follow these steps:

• Access Google Cloud Console and create a new project or select an existing one.

• Navigate to APIs & Services → OAuth Consent Screen and configure the required details as shown on the screen.

• In APIs & Services → Credentials, create a new OAuth Client ID:

  • Select 'Web application' as the application type.

  • Paste the Redirect URI (copied from Devtron) under Authorized Redirect URIs.

• Click Create to generate the Client ID and Client Secret.

You can see a new client ID is created in the APIs & Services → Credentials, under OAuth 2.0 Client IDs section. To obtain Client ID and Client Secret, click on the name (devtron-sso in our case) of the OAuth 2.0 Client IDs

Copy the Client ID and Client Secret, as they will be required in Devtron’s SSO configuration.

For a detailed step-by-step guide, refer to Google’s official documentation: Get Google API Client ID.

Configure Google SSO in Devtron

The next step is to configure Devtron to use these credentials for authentication. For this, navigate back to Global Configurations → SSO Login Services, here you can already find a configuration template.

Configuration

In the configuration,

• Enter the OAuth Credentials:

  • Paste the Client ID obtained from Google Cloud in the clientID field.

  • Paste the Client Secret obtained from Google Cloud in the clientSecret field.

• Configure Hosted Domains (Optional):

  • If you want to restrict authentication to specific domains (e.g., only users from company.com can log in), add these under hostedDomains in Devtron.

  • If you want to allow all users with any valid Google account, remove the entire hostedDomains section from the configuration.

• Enter the Redirect URI:

  • Copy the Redirect URI displayed in Devtron and paste the value in the redirectURI field.

• Click Update to save the configuration, once saved, Google SSO is successfully configured

Important: Enable User Access After SSO Setup

To ensure users can log in:

• Go to Global Configurations → Authorization → User Permissions.

• Click Add User.

• Enter their email (matching their Google account).

• Assign the required role.

• Click Save to complete the setup.

Once saved, Devtron will use Google OAuth for authentication, allowing users to log in using their Google accounts.

For detailed steps on managing user permissions, refer to the User Permissions Documentation.

Reference

• View Google Documentation

• View Dex IdP Documentation