Auto-Create Users From Specific Domain With Google Workplace
Auto-Create Users From Specific Domain With Google Workplace
The Agilicus Managed Upstream Providers option of ‘Google’ allows users to sign in with GMail and Google Workplace (G Suite) with zero-configuration. In some circumstances (for example, to enable the use of auto-create locked to a specific domain) you may wish to create your own Google Identity Provider setup.
To do so, we will use the Google Console, create a Credential, OAUth2, Web application, and from there obtain a client-id and client-secret.
We will then configure the list of acceptable domains which may use it, and cross-configure this information into the Agilicus admin portal.
There is no general requirement to create your own Credentials in Google: do so if you wish finer-grained control by e.g. restricting source domain, or if you have specific audit requirements.
For more information see Google’s “Getting Started With Authentication“.
Navigate to https://console.cloud.google.com/apis/credentials . You may be prompted to enable the API for your organisation.
Create a new OAUTH2 client of type Web Application.
Give this “credential” a name. Add a redirect URI of https://auth.ca-1.agilicus.ca/callback
At this stage you will be given two facts (client ID, client secret). You will now enter these into the Agilicus Admin portal.
In the Agilicus Admin portal, add a new Identity Provider of type ‘Other’ (this is a generic OpenID Connect Identity Provider).
Enter a name (your users’ will see this, so e.g. “Agilicus Google Workplace”), the Issuer url (https://accounts.google.com), the Client ID (from above) and the Secret (from above).
You may wish to enable auto-create on this Identity Provider, in which case authenticated users will be automatically provisioned.
At this stage, you may wish to enable “Authorized Domains” in your Google Workplace settings.
Users may now sign in to the system via this Identity Provider.
Related Configuration
Return to Product Configuration
- Agilicus Connector – Microsoft Windows
- Sign-In Errors
- Time Synchronisation
- Locked-Down Networks Certificate Revocation
- Signup: Firewall Configuration
- Geo-Location-Based Access Control
- Agent Connector Sign-In
- Resources – Overview, Concepts
- Connect to VTScada – Adding a Web Application
- Web Application Security
- Administrative Users
- Define Application: Proxy
- Authorisation rules
- Real VNC & Raspberry Pi
- Agent Connector Install: Raspberry Pi
- Kubernetes Agent Connector Install
- Linux, FreeBSD, Embedded Agent Connector Install
- Agent Connector Install: Ubiquity EdgeRouter X
- Audit Destinations
- Agent Connector Install: Netgate SG-1100 pfSense
- Agilicus Connector Install: MikroTik RouterOS
- Identity Group Mapping
- Billing
- Auto-Create Users From Specific Domain With Google Workplace
- Organisation
- Authentication Audit
- Authentication Issuer – Custom Identity
- Signup
- Microsoft ClickOnce
- Groups
- Agilicus Agent Windows Cluster
- Launchers
- Forwarding
- Usage Metrics
- Service Accounts
- Connectors
- Identity & Authentication Methods
- Content Security Policy
- Users
- Sign-In Theming
- Sign in With Apple
- Azure Active Directory
- Sign in With Microsoft
- Agilicus Agent (Desktop)
- Agilicus-Connector
- Zero-Trust SSH Access
- Theory of Operation: CNAME + DOMAIN
- Zero-Trust Desktop Access
- Command Line API Access
- Applications
- Permissions
- Profile
- Multi-Factor Authentication
- Authentication Rules
- Application Request Access
- OpenWRT Agent Connector Install
- Synology Agent Connector Install
- Authentication Clients
- Authentication Rules
- Shares
- Services
- Resource Permissions
- Resource Groups
- Legacy Active Directory