Improve this page on GitHub

Google Single Sign-On (SSO)

Setting up SSO for Google in Codefresh requires you to create a client secret for Codefresh in Google, configure SSO settings in Codefresh and then define the redirect URIs, also in Google.
For general instructions on SSO setup, see the overview.

Create Client Secret

  1. Log in to https://console.developers.google.com/.
  2. From the sidebar, select Credentials.
  3. Select Create Credentials, and from the drop-down, select OAuth client ID.
  4. Do the following:
    • From the Application type drop-down, select Web application.
    • Enter a Name for your integration (user-defined).
    • For Authorized JavaScript origins, URIs, enter, https://g.codefresh.io.

Creating an OAuth client

Creating an OAuth client
  • Select Create.
  • From the OAUth client created dialog, note down Your Client ID and Your Client Secret.

Getting the Client ID and secret

Getting the Client ID and secret

You will need the Client ID and secret to configure SSO for Google in Codefresh.

Configure SSO for Google in Codefresh

  1. In the Codefresh UI, go to Single Sign-On.
  2. Select + Add Single Sign-On, Google, and then Next.

SSO settings for Google in Codefresh

SSO settings for Google in Codefresh
  1. Enter the following:
    • Client Name: For auto-generation, leave empty. Codefresh generates the client name once you save the settings.
    • Display Name: Meaningful name that identifies the SSO provider.
    • Client ID: The Client ID generated by Google.
    • Client secret: The Client Secret also generated by Google.
  1. Select Save. Codefresh generates the Client Name.

Getting the auto-generated Client Name

Getting the auto-generated Client Name
  1. Note down the Client Name, as you need it to set the redirect URI in Google.

Set up Redirect URI

  1. Go back to the Google Console Developer dashboard, and click the edit button on the OAuth 2.0 Client IDs that you created before.
  2. For Authorized Redirect URIs, in the URIs field, enter the Client Name you noted down to generate the Authorized Redirect URIs
    • Example Client Name: t0nlUJoqQlDv
    • Example Redirect URI: https://g.codefresh.io/api/auth/t0nlUJoqQlDv/callback

Redirect URI

Redirect URI

This concludes the basic SSO setup for Google.

Synchronize teams via Codefresh CLI

For team/group synchronization you also need a service account. In the Codefresh configuration screen there are some optional fields that you can fill, in order to get team synchronization via the Codefresh CLI. You need to create a service account and delegate user and group permissions to it.

  1. Create a Service account in Google Console:

ß

Creating a service account

Creating a service account
  1. Delegate from the Google admin console the following permissions:
    • https://www.googleapis.com/auth/admin.directory.user.readonly
    • https://www.googleapis.com/auth/admin.directory.group.readonly
  1. For that service account, create a private key in JSON format.

Creating a JSON key

Creating a JSON key
  1. Save the file locally.
  2. Go back to Codefresh, and in the Google SSO settings page, enter the following:
    • JSON Keyfile: The contents of the JSON file
    • Admin email: The user admin.google.com

Now you can synchronize teams using the Codefresh CLI.

See the overview page on how to test the integration, activate SSO for collaborators and create sync jobs.