Google

Setting Up Google IDP Single Sign-On (SSO)

This page describes how to set up Google as an identity provider (IdP) for Codefresh. For general SSO setup instructions, see the overview page.

Create Client Secret

Log in to https://console.developers.google.com/ and select Credentials on the left sidebar. Click the Create Credentials button and choose OAuth client ID from the drop-down menu.

On the next screen, select Web application as the Application type. Enter a name for your integration (user-defined). In the Authorized JavaScript origins section, add the URI https://g.codefresh.io.

Creating an OAuth client

Click the Create button. You will see a dialog with the Client ID and secret values. Note down both of these values.

Getting the Client ID and secret

You will need the Client ID and secret in the Codefresh configuration screen.

Enter details on the Codefresh side

Go back to Codefresh and choose Google in the SSO Settings.

Choosing Google for Auth

In the configuration screen, fill in the following:

  • DISPLAY NAME - Friendly SSO name (arbitrary)
  • CLIENT ID - Use the value you got from the previous section
  • CLIENT SECRET - Use the value you got from the previous section

Entering Codefresh Settings

After clicking SAVE you’ll see the generated Client Name:

Getting the auto-generated Client Name

Note this down, as you will use it in the Google Console.

Setup Redirect URI

Go back to the Google Console Developer dashboard and click the edit button on the OAuth 2.0 Client ID that you created earlier.

Use the Client Name from the previous section to generate the Authorized Redirect URI:

  • Example Client Name: t0nlUJoqQlDv
  • Example Redirect URI: https://g.codefresh.io/api/auth/t0nlUJoqQlDv/callback

Redirect URI

This concludes the basic SSO setup for Google. For team/group synchronization you also need a service account.

Synchronize teams with the Codefresh CLI

The Codefresh configuration screen has some optional fields that you can fill in to enable team synchronization via the Codefresh CLI. You need to create a service account and delegate user and group permissions to it.

Create a service account from the Google Console:

Creating a service account

From the Google admin console, delegate the following permissions to the service account:

  • https://www.googleapis.com/auth/admin.directory.user.readonly
  • https://www.googleapis.com/auth/admin.directory.group.readonly

For that service account you should also create a private key in JSON format.

Creating a JSON key

Save the file locally. Go back to the Codefresh settings and fill in the fields:

  • JSON Keyfile - enter contents of the JSON file
  • Admin email - The user that has access to admin.google.com
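
A pre-flight check for the values used in the steps above, as an added example that is not part of the Codefresh documentation: it builds the redirect URI from a Client Name and inspects the locally saved JSON key before its contents are pasted into Codefresh. The function names, the constructed sample key and the assumption that Client Names are alphanumeric are illustrative; the delegation entry pairs the service account's `client_id` with a comma-separated scope list, which is what Google's domain-wide delegation form asks for.

```python
import json, os, re, stat, tempfile
# Scopes and callback URL pattern are the ones listed on this page.
SCOPES = (
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.directory.group.readonly",
)
REQUIRED_FIELDS = ("client_email", "client_id", "private_key_id", "private_key")

def redirect_uri(client_name):
    # Assumption: Client Names are alphanumeric tokens like the page's example.
    if not re.fullmatch(r"[A-Za-z0-9]+", client_name):
        raise ValueError("unexpected characters in Client Name")
    return f"https://g.codefresh.io/api/auth/{client_name}/callback"

def check_keyfile(path):
    """Return a list of problems with a locally saved service account key."""
    problems = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("key file is readable by group or others (use mode 600)")
    try:
        with open(path) as fh:
            key = json.load(fh)
    except json.JSONDecodeError:
        return problems + ["file is not valid JSON"]
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return problems + ["not a service account key (type != service_account)"]
    problems += [f"missing field: {f}" for f in REQUIRED_FIELDS if not key.get(f)]
    return problems

def delegation_entry(path):
    """Client ID and comma-separated scopes for the admin console delegation form."""
    with open(path) as fh:
        return {"client_id": json.load(fh)["client_id"], "scopes": ",".join(SCOPES)}

def write_sample_key(mode):
    """Write a constructed (fake) key file with the given mode; return its path."""
    key = {"type": "service_account", "client_id": "100000000000000000001",
           "client_email": "sync@example-project.iam.gserviceaccount.com",
           "private_key_id": "constructed", "private_key": "CONSTRUCTED-NOT-A-KEY"}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(key, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    sample = write_sample_key(0o644)  # deliberately loose mode to show the finding
    print(redirect_uri("t0nlUJoqQlDv"), check_keyfile(sample), delegation_entry(sample))
    os.remove(sample)
```

Run `check_keyfile` against the downloaded key and resolve every reported problem before entering the file contents in the JSON Keyfile field.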

Now you can synchronize teams with the Codefresh CLI.

See the overview page on how to test the integration, activate SSO for collaborators and create sync jobs.