Single Sign-On with Google Workspace
PREMIUM ULTIMATE
Below is the process described for connecting qibb with Google Workspace using OpenID Connect.
| Step | Description |
|---|
1 | Request the qibb IdP URL | To get started, you will need the qibb IdP URL, which will be used by redirects between qibb’s Sign in Page and your Identity Provider. You can reach out to our Support Team to retrieve the qibb IdP URL.
|
2 | Setup an OAuth consent Screen in Google console | You will need to setup Google OAuth Consent Screen before you can continue configuring the remaining part of the program Make sure to restrict application to be Internal. Which will only allow the users in the Google Workspace to sign in using Google.
|
3 | Create Google Credentials | Navigate to Credentials Tab in APIs & Services and create a new credential of OAuth client ID definition Select application type Web Application and give it recognizable and distinguishable name On Authorized redirect URIs add qibb IdP URL provided by Support Team Create the client and save credentials
|
4 | Provide the Credential Information to Support Team | |
5 | Defining group mapping in alignment with Support Team | Group mapping enables you to determine the specific Qibb permissions that a group of users should receive automatically (such as an assignment to a qibb group), depending on their membership in Google Workspace Group. Once the group mapping is set up, members of that specific group will be automatically assigned to the corresponding Qibb group after each login. If you wish to change or extend the group mapping in future, contact our Support Team with the request to update the configuration.
|
As of the time of writing, the Google OIDC setup does not currently support Group attributes. To address this issue, a SAML integration can be configured alternatively.
