Last updated
Was this helpful?
main
Last updated
Was this helpful?
Integrating Google as your Single Sign-On (SSO) provider enables users to authenticate with their Google accounts, ensuring secure and streamlined access to Devtron. This document walks you through setting up Google SSO in Devtron, ensuring users can log in smoothly.
To configure Google SSO in Devtron, you will need:
Super Admin permissions
Only a can configure SSO. If you are setting up SSO for the first time, use instead.
A Google Cloud account to create and manage OAuth credentials. If you don’t have one, you must create it at the .
Before configuring Google as an SSO provider,
Ensure that the is correctly configured in Devtron. This is crucial because the Redirect URI is generated based on the Host URL.
You need to retrieve the Redirect URI from Devtron, which will be required in Google Cloud while setting up OAuth credentials.
Log in to Devtron.
Navigate to Global Configurations → SSO Login Services.
Select Google as the authentication provider.
Enter the Host URL in the URL field. (This is essential to generate the correct Redirect URI.)
Copy the Redirect URI displayed in this section. You will need to enter this in Google Cloud.
The next step is to configure OAuth credentials in Google Cloud Console. This involves creating a Google OAuth Client ID and Client Secret, which will be used in Devtron for authentication.
Navigate to APIs & Services → OAuth Consent Screen and configure the required details as shown on the screen.
In APIs & Services → Credentials, create a new OAuth Client ID:
Select 'Web application' as the application type.
Paste the Redirect URI (copied from Devtron) under Authorized Redirect URIs.
Click Create to generate the Client ID and Client Secret.
Google SSO Requires a Valid Domain with HTTPS
Examples of valid URIs:
✅ https://devtron.example.com/api/dex/callback
✅ https://auth.yourcompany.com/callback
Examples of invalid URIs:
❌ http://localhost:8080/callback
❌ http://192.168.1.10/callback
You can see a new client ID is created in the APIs & Services → Credentials, under OAuth 2.0 Client IDs section. To obtain Client ID and Client Secret, click on the name (devtron-sso in our case) of the OAuth 2.0 Client IDs
Copy the Client ID and Client Secret, as they will be required in Devtron’s SSO configuration.
The next step is to configure Devtron to use these credentials for authentication. For this, navigate back to Global Configurations → SSO Login Services, here you can already find a configuration template.
In the configuration,
Enter the OAuth Credentials:
Paste the Client ID obtained from Google Cloud in the clientID field.
Paste the Client Secret obtained from Google Cloud in the clientSecret field.
Configure Hosted Domains (Optional):
If you want to restrict authentication to specific domains (e.g., only users from company.com can log in), add these under hostedDomains in Devtron.
If you want to allow all users with any valid Google account, remove the entire hostedDomains section from the configuration.
Enter the Redirect URI:
Copy the Redirect URI displayed in Devtron and paste the value in the redirectURI field.
Click Update to save the configuration, once saved, Google SSO is successfully configured
Although Google SSO is now set up, users will not be able to sign in unless they are explicitly added to Devtron with the necessary permissions.
To ensure users can log in:
Go to Global Configurations → Authorization → User Permissions.
Click Add User.
Enter their email (matching their Google account).
Assign the required role.
Click Save to complete the setup.
Once saved, Devtron will use Google OAuth for authentication, allowing users to log in using their Google accounts.
Access and create a new project or select an existing one.
Google does not support IP addresses as valid redirect URIs. You must use a valid domain name () accessible over HTTPS.
For a detailed step-by-step guide, refer to Google’s official documentation: .
For detailed steps on managing user permissions, refer to the .
