Concepts
Group Access
Google Workspace SSO
7min
users can authenticate to jumpwire using their google workspace account this has the benefit of syncing their group memberships into jumpwire, so that data access permissions assigned to groups can be applied to users' sessions when connecting to a database through jumpwire the following guide will help you set up single sign on through google workspace you will need an administrator to create oauth credentials and grant jumpwire the ability to read user's group memberships visit google's cloud console to get started, all of the configuration is done under apis & services step 1 create a project for oauth credentials by creating a new project to create an oauth client, you can customize the oauth login screen that is shown to users or if you have an existing project that isn't used for oauth, that works fine too you can give the project any name you'd like, or here's a name you can use jumpwire oauth step 2 enable the admin sdk api in the project next, make sure that the admin sdk api is enabled in the project jumpwire uses the admin sdk api to include your users' group memberships when they login using google workspace visit the api library in google's cloud console to enable the admin sdk api search for "admin sdk api" in the search box api library search select the admin sdk api and click the "enable" button to enable this api for your project step 3 customize the oauth consent screen next set up the oauth consent screen to customize the login experience and grant the correct auth scopes to the application visit the oauth consent screen page under "apis & services" select internal for the user type oauth consent screen enter the following information for app information give the app the name jumpwire for user support, select an email from the dropdown that corresponds to your internal tech support if you'd like to customize the logo, here's one app domain information can be left blank for authorized domains, click "add domain" and enter auth0 com for developer contact information, you can enter hello\@jumpwire io, or use the same email from above for your technical support team on the scopes page, click "add or remove scopes" select /auth/userinfo email , it should be on the first page, and /auth/admin directory group member readonly , which will be a few pages in click "save and continue" and you'll be shown a summary screen step 4 create an oauth client in google's cloud console now create oauth client credentials, which will be used by jumpwire's authentication provider auth0 to complete the oauth flow for users visit the credentials page under "apis & services" to create an oauth client click the "create credentials" button and select oauth client id create oauth client in the application type dropdown, select web application for name, enter jumpwire , or something more fun if you want for authorized javascript origins, click "add uri" and enter https //jumpwire us auth0 com for authorized redirect uris, click "add uri" and enter https //jumpwire us auth0 com/login/callback click "create" to complete the setup after a few seconds, you'll see a modal with oauth client created it has a client id and client secret copy each of those and enter it into the form on the jumpwire sso page note that jumpwire does not store these values, but uses them to create the connection in our authentication provider auth0 step 5 configure oauth connection in jumpwire finally, navigate to the group access page in jumpwire, and configure the google workspace oauth connection under the sso tab here's a direct link to the page you'll see abbreivated configuration details for the steps above scroll down until you see the form for submitting oauth client information jumpwire google sso configuration enter in your google workspace domain for example jumpwire io also enter the oauth client id and client secret that you were given when creating the client in the google console above click "save" if successful, you will see a link displayed for the connection that was created have a google admin, probably the same person who created the client, follow the link and authorize the jumpwire app this is giving jumpwire the ability to get the user's group membership as part of the oauth response google sso success cheers!