Setting Up Google IDP Single Sign-On (SSO)
This page describes how to set up Google as the identity provider (IDP) for Codefresh. For general SSO setup instructions, see the overview page.
Create Client Secret
Log in to https://console.developers.google.com/ and select Credentials on the left sidebar. Click the Create Credentials button and choose OAuth client ID from the drop-down menu.
In the next screen select Web application as the Application type. Enter a name for your integration (user-defined). Add https://g.codefresh.io as a URI in the Authorized JavaScript origins section.
Click the Create button. You will see a dialog with the Client ID and secret values. Note down both of these values.
You will need the Client ID and secret in the Codefresh configuration screen.
Enter details on the Codefresh side
Go back into Codefresh and choose Google in the SSO Settings.
In the configuration screen fill in the following:
- DISPLAY NAME - Friendly SSO name (arbitrary)
- CLIENT ID - Use the value you got from the previous section
- CLIENT SECRET - Use the value you got from the previous section
After clicking SAVE you'll see the generated Client Name.
Note this down, as you will use it in the Google Console.
Setup Redirect URI
Go back to the Google Console Developer dashboard and click the edit button on the OAuth 2.0 Client ID that you created before.
Use the Client Name from the previous section to generate the Authorized Redirect URI:
- Example Client Name: t0nlUJoqQlDv
- Example Redirect URI: https://g.codefresh.io/api/auth/t0nlUJoqQlDv/callback
This concludes the basic SSO setup for Google. For team/group synchronization you also need a service account.
Synchronize teams with the Codefresh CLI
In the Codefresh configuration screen there are some optional fields that you can fill in to get team synchronization via the Codefresh CLI. You need to create a service account and delegate user and group permissions to it.
Create a service account from the Google Console.
From the Google admin console, delegate the following permissions to it:
- https://www.googleapis.com/auth/admin.directory.user.readonly
- https://www.googleapis.com/auth/admin.directory.group.readonly
For that service account you should also create a private key in JSON format.
Save the file locally. Go back to the Codefresh settings and fill in the fields:
- JSON Keyfile - Enter the contents of the JSON file
- Admin email - The user that has access to admin.google.com
Now you can synchronize teams with the Codefresh CLI.
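A pre-flight check for the service account key before its contents go into the JSON Keyfile field, as an added example that is not part of the Codefresh documentation. It assumes the usual Google key file fields (type, client_email, client_id, private_key) and that the admin console delegation form takes the numeric client ID plus a comma-separated scope list; check_keyfile and write_sample are hypothetical helper names and the sample key is constructed.

```python
import json, os, stat, tempfile

# Read-only Directory API scopes listed on this page.
REQUIRED_SCOPES = (
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.directory.group.readonly",
)
# Assumption: fields of a Google service account JSON key that matter here.
REQUIRED_FIELDS = ("type", "client_email", "client_id", "private_key")

def check_keyfile(path):
    """Return (problems, delegation) for a service account JSON key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:o} lets group/other access the private key")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc.msg}"], None
    if not isinstance(key, dict):
        return problems + ["top level is not a JSON object"], None
    missing = [f for f in REQUIRED_FIELDS if not key.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    if "BEGIN PRIVATE KEY" not in str(key.get("private_key", "")):
        problems.append("private_key is not a PEM block")
    # Values to enter when delegating the two read-only scopes, nothing broader.
    delegation = {"client_id": key.get("client_id"), "scopes": ",".join(REQUIRED_SCOPES)}
    return problems, delegation

def write_sample(key, mode):
    """Write a constructed key file with the given mode and return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(key, fh)
    os.chmod(path, mode)
    return path

# Constructed sample, not a real key.
SAMPLE = {"type": "service_account", "client_id": "100000000000000000000",
          "client_email": "sync@example-project.iam.gserviceaccount.com",
          "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"}

if __name__ == "__main__":
    sample_path = write_sample(SAMPLE, 0o644)  # deliberately too permissive
    print(check_keyfile(sample_path))
    os.remove(sample_path)
```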
What to read next
See the overview page on how to test the integration, activate SSO for collaborators and create sync jobs.