Overview

VIDIZMO also allows ease of login by enabling you to sign in with your Google Account — the same account you already use with Gmail and other Google services.


To learn more about SSO, click here on Understanding Single Sign-On.


This article covers two setups:

  1. Configuration in Google Developers Portal
  2. Configuration in VIDIZMO


Before you start


  • Only Administrators and Managers can configure an SSO App in Portal Settings.

  • For configuring Google SSO with VIDIZMO, you must have a Google account so that you can create a web application that will enable you to sign in.
  • If other SSO Apps have been configured and enabled on your Portal other than Google SSO, your users will see multiple buttons on the login page allowing them to choose any identity provider of their choice to log in to their VIDIZMO Portal.
  • After configuring and enabling Google SSO on your portal, you can disable default VIDIZMO login to restrict users to sign in using their Google credentials only. However, VIDIZMO Login will be enabled by default if all other configured SSO providers are disabled.
  • By default, following Google parameters about a user are exposed to VIDIZMO when that user provides consent for signing in VIDIZMO using Google credentials:
    • First Name
    • Last Name
    • Email Address
  • Go through Setting up OAuth 2.0 to understand Google Developer Portal configuration better, and follow below steps to register an application.



Google Developer Portal Configuration

1. Click here on Google Cloud Platform to access the Google Developers Platform.

i. On the Sign In screen, enter the email address (or phone) you use to access your Google account.

ii. Use the Next button to proceed to the next screen.




2. Use your Google credentials to log in:

i. Enter the password used for your account.

ii. Use the Next button to proceed to the next screen.



3. After successfully signing in, Google's APIs & Services screen gets loaded. If this is your first time accessing the Google APIs, you will need to create a project. Click on the Create button to create a project first.




4. The My Applications screen lists all your Apps here. Use the Create Application button to create your App.

i. Enter a name for your project. Under the Location, if there is no parent organization or folder, keep the default value.

ii. Then hit the Create button to create your project.



5. Once the project gets created, you will be taken to the Project's Dashboard.

i. The Project you just created will be listed on the top in the drop-down.

ii. Look for the Getting Started card.

iii. Select Enable APIs and get credentials like keys to proceed.





6. Clicking on the Enable APIs and get credentials like keys link will take you to the Dashboard's list of APIs and Services.

i. Click on the blue link + ENABLE APIS AND SERVICES.

ii. Type and search for Google+ API.

iii. Among other results from the search, select the Google+ API.

iv. On the next screen, click on the ENABLE button to enable this API for your Google API Project.





7. To use the API that was enabled in the previous step, you will need to create credentials to use it. Click on the CREATE CREDENTIALS button towards the right-hand side of the screen. Learn more about it here.

i. Select the type of API i.e. Google+ API.

ii. Select the type of application i.e. Web Server.

iii. Select User data under What data will you be accessing? section.

iv. And then click on the What credentials do I need? button to create an OAuth 2.0 client ID.




8. On the second part under adding credentials is the creation of OAuth 2.0 Client ID:

i. Give a name to your OAuth Client ID (this is not the display name of your App.)

ii. Enter the origin URL of the client application, which is your portal's URL. For example, lexcorp.enterprisetube.com.

iii. You will also need the Authorized redirect URL. Your Redirect URL would be the URL of your portal with the callback path /sso/signin-google appended at the end such as: lexcorp.enterprisetube.com/sso/signin

iv. Before you hit Create OAuth Client ID, you will be prompted to set up a consent screen for the users. Go to the next step to learn how and then come back here to hit the Create OAuth client ID to create the ID.


Note: You can enter URLs in either http & https format. Separate Applications are required for each Portal if you have multiple Portals.




9. The third step requires you to set up a consent screen for the users whenever a request is sent to access their private data using this ID. This Consent screen will be displayed for all the applications registered in this project. Learn more about it here.

i. Enter the Application name that you wish to display when asking for user consent. The name here can be different than the application name.

ii. Enter your google Email Address using which you will authenticate yourself in VIDIZMO portal. 

iii. Here, you need to enter Authorized Domains to specify the domain used by your VIDIZMO portal such as lexcorp.enterprisetube.com. As a protection policy, Google only allows applications that authenticate using OAuth to use Authorized Domains. Your applications' links must be hosted on Authorized Domains. Learn more about them here.

iv. You can now populate custom application links for guiding the user about your application using Homepage, Privacy Policy and Terms of Use.

v. Upon hitting the Save button, the client ID gets created as shown in the next Step #10.



10. The last step is to get Client ID and Client Secret for VIDIZMO Portal configuration.

i. Click on the Credentials link under APIs & Services.

ii. On the extreme right of the Client ID, use the edit icon to open the ID in edit mode.




11. From the Client ID details screen, note down the Client ID and Client Secret for use when configuring Google SSO in your VIDIZMO Portal. 




VIDIZMO Portal Configuration

1. From the Portal's Homepage,

i. Click on the navigation menu on top left corner.

ii. Expand Admin tab.

iii. Click on the Settings tab and you'll be directed to Portal Settings page.




2. On Portal Settings page,

i. Click on the Apps tab on the left-hand panel.

ii. Further click on the Single Sign-On tab.

iii. Locate the Google SSO App on the screen, and click on the Settings icon at the right-hand side.




3. The Google SSO Settings screen offers various fields, each of which is explained below:

i. Client ID: This attribute is the unique identifier for the client application. Provide the client ID copied in Step 11  when registering the application on the Google Developers Portal.

ii. Client Secret: The client secret is used in conjunction with Client Id to authenticate the client application as noted in step 11 when registering the application on the Google Developers Portal.

iii. Callback Path: Specifies the callback location where the authorization will be sent to your Portal.

iv. Attribute Mapping: Attribute Mapping allows you to map your attributes with the IDP's attributes.

v. Use the Save button to save your changes.





4. In order to activate SSO for Google:

i. Turn on the feature using the toggle button.


Outcome

Navigate to the Portal's login screen and you will see an option Log in with Google SSO.





To learn further about signing in, read Sign in using Google.