Google IdP Configuration
You can configure Google as Identity Provider (IdP) in the Onegini IDP. The Onegini IDP uses OAuth 2.0 protocol to integrate with Google APIs. This chapter will guide you though all steps that are required to fully configure and use the Google IdP with the Onegini IDP.
What is required?
To successfully complete this topic guide you need to ensure following prerequisites:
- Onegini IDP instance must to be running, for the sake of this guide we assume it's available under http://idp-core.dev.onegini.me address
- Onegini IDP must have the
Username & passwordidentity provider configured
Configure Google identity provider
To register a Google IdP within the Onegini IDP as an Identity Provider first you need to create an application on Google platform and obtain it's
Client ID and
Client Secret. Please check official Google documentation to see how it can be done. Next visit the
http://idp-core.dev.onegini.me:8082/admin page and login to the Onegini IDP admin console. Select
Config menu option and navigate to
Identity Providers tab.
+ button to create a new Identity Provider configuration. Fill in the form as follows:
Type- open the dropdown list and select
Name- name your Google IdP instance
Authentication Level- choose desired authentication level
Enabled- mark your Identity Provider as enabled
OAuth attributes- paste your Google
Client Scopecan be set to
https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/user.addresses.read https://www.googleapis.com/auth/user.birthday.read https://www.googleapis.com/auth/user.phonenumbers.reador other value depending on the expected type of data. If left blank default
https://www.googleapis.com/auth/profilescope will be used. You can read more about supported scopes in the official Google documentation
Attributes mappings- as you already noticed the Onegini IDP within the configuration form also gives you option to define the attribute mappings. It's a very useful functionality which let's you define "translations" for user's profile and custom attributes. The automatic Sign-up (Just-In-Time-Sign-up) functionality requires at least
Email addressattribute to mapped from the external identity provider (Google). Depending on the scope that you use you can also provide additional mappings for other fields. To get more info about attribute mappings please check the Attribute Mappings topic guide.
Example attribute mappings configuration for Google IdP could look as follows:
|Attribute to map to||Attribute to map from|
|State or province||region|
|Date of birth||birthday|
Configure automatic sign-up feature in Onegini IDP
After successful defining the new Google IdP configuration in the Onegini IDP's admin console please select the
Config menu option and navigate to the
Feature management tab and check
Just-in-time external IdP sign-up enabled in
Processes section. The
Bind multiple social accounts with one CIM-account feature instructs
the Onegini IDP to automatically couple the Google account with an account which already exists within the Onegini IDP. Please note that the coupling will only
take place in case a person with the email address returned by the Google's services will be already registered within the Onegini IDP.
To test automatic sign-up with Google please try login to Onegini IDP by selecting Google identity provider available on login page. If everything was configured correctly the new person account should be created automatically without showing the sign-up form, instead you should be redirected straight to the personal dashboard page.