Google social login users have to belong to organization that uses this Google
social login. The Google users cannot be used outside organizations (without
organization assigned).
Before you start setting up the Google social login in Bacularis, you need to
prepare the OAuth2 clientID and the clientsecret in the Google service
for developers. To do it, please create a OAuth2 client here:
Refresh tokens are supported both by Google and Bacularis. Please note that the refresh tokens
will only be used if the Userefreshtoken option is set in the Google identity provider
configuration in Bacularis. Otherwise, when the user session expires, automatic refresh will
not be possible and the user will have to re-authorize.
It is worth mentioning that Google only issues refresh tokens when a consent screen is
displayed during the authorization flow. If you first approve the consent screen and then
enable the Userefreshtoken option, it will not work because the consent screen will no
longer be displayed the next time you log in. To force the consent screen to be displayed
to users who have already approved, use the Prompt option in the Bacularis identity provider
configuration and set the consent value there.
Social login - Google#
Since version
5.4.0Bacularis supports logging in using the Google user accounts.Requirements#
To enable the social button to log in using Google credentials, please check the following points:
Organization support#
Google social login users have to belong to organization that uses this Google social login. The Google users cannot be used outside organizations (without organization assigned).
User provisioning#
This method fully supports the user provisioning.
How to use it#
Before you start setting up the Google social login in Bacularis, you need to prepare the OAuth2
client IDand theclient secretin the Google service for developers. To do it, please create a OAuth2 client here:https://console.cloud.google.com
You need to go to the APIs and services page as shown on the screenshot below.
Important notes#
Refresh tokens are supported both by Google and Bacularis. Please note that the refresh tokens will only be used if the
Use refresh tokenoption is set in the Google identity provider configuration in Bacularis. Otherwise, when the user session expires, automatic refresh will not be possible and the user will have to re-authorize.It is worth mentioning that Google only issues refresh tokens when a consent screen is displayed during the authorization flow. If you first approve the consent screen and then enable the
Use refresh tokenoption, it will not work because the consent screen will no longer be displayed the next time you log in. To force the consent screen to be displayed to users who have already approved, use thePromptoption in the Bacularis identity provider configuration and set theconsentvalue there.Settings form#
The Google login you can set up on the identity providers page here:
Below you can see the identity provider settings form:
Video guide#
The full Google login integration with Bacularis you can watch on this video tutorial below.