IdP Setup: Google

What

Before we can use Google for authentication from FileWave, we must configure Google Workspace and give FileWave access to it. The whole purpose of this configuration is to give FileWave permission to talk to your Google environment.

When/Why

This configuration is required if you want to use Google for authentication during device enrollment or during login to the FileWave Web and Native administrator consoles.

How

The configuration for access is all driven through Google Workspace.

Introduction

Setting up Google as the IdP in FileWave lets users log in with their Google account. It also allows FileWave services to query Google Workspace users and groups.

In order to use Google as the IdP and configure it inside FileWave, one has to obtain the following credentials from Google.

The process on how to obtain these is described below.

To complete the steps below, one has to be logged in to a Google account and be a super administrator of the Google Workspace domain (more info)

Required Items

NOTE: CANNOT be IP Address or self-signed cert. Must be FQDN - Instructions Linked Here

Domain verification

Google's API access to user data may need to be reviewed and verified once setup is complete. For more information, please review Google's OAuth API verification documentation.

Client ID and client secret (Google)

Below is an excerpt on how to obtain a Client ID and client secret. For a more detailed tutorial and additional information, check the documentation.

(Step 1) - Navigate to https://console.cloud.google.com/apis/credentials

(Step 2) - Click on "Create credentials"

(Step 3) - Choose "OAuth client ID"

(Step 4) - In the next screen, choose "Web application"

(Step 5) - In the configuration screen, name the OAuth client and enter the correct Authorized redirect URIs.

NOTE

Please replace "filewave.server.com" with the correct URL of your server instance.

https://filewave.server.com/api/auth/login_via_idp_redirect

https://filewave.server.com/api/auth/login_via_idp_redirect_for_native

https://filewave.server.com/api/auth/login_via_idp_redirect_for_device

(Step 6) - Click CREATE, and your Client ID and Client secret will be generated. Please save them, as they are needed later when configuring the FileWave server.

Please note the message in grey about the OAuth access being restricted. You may also see a different message indicating that the consent screen needs to be verified. Click on the link in that grey text and ensure that the publishing status is In Production and that the User Type is External.
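An added example, not FileWave's or Google's code: a pre-flight check for Step 5 that compares the redirect URIs registered on the OAuth client with the three FileWave callbacks and flags entries that are missing, not HTTPS, or that use an IP address instead of an FQDN. It assumes the client was exported with the console's "Download JSON" option (a file with a top-level "web" object containing "redirect_uris"); the function names and the sample data are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# The three callback paths listed in Step 5 of this page.
PATHS = ("/api/auth/login_via_idp_redirect",
         "/api/auth/login_via_idp_redirect_for_native",
         "/api/auth/login_via_idp_redirect_for_device")


def is_fqdn(host):
    """True for a dotted DNS name; False for IP literals and bare labels."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return False
    except ValueError:
        labels = host.rstrip(".").split(".")
    return len(labels) >= 2 and not labels[-1].isdigit() and all(
        lab and len(lab) <= 63 and lab.strip("-") == lab
        and lab.replace("-", "").isalnum() for lab in labels)


def audit_redirect_uris(client_json, server_fqdn):
    """Return (finding, uri) pairs for the client's registered redirect URIs."""
    if not is_fqdn(server_fqdn):
        raise ValueError(f"{server_fqdn!r} is not an FQDN")
    expected = {f"https://{server_fqdn}{p}" for p in PATHS}
    registered = set(json.loads(client_json)["web"].get("redirect_uris", []))
    findings = [("missing", uri) for uri in sorted(expected - registered)]
    for uri in sorted(registered - expected):
        parts = urlsplit(uri)
        if parts.scheme != "https":
            findings.append(("not-https", uri))
        elif not is_fqdn(parts.hostname or ""):
            findings.append(("host-not-fqdn", uri))
        else:
            findings.append(("unexpected", uri))  # stale or foreign callback
    return findings


# Constructed sample shaped like a downloaded "Web application" client file.
SAMPLE = json.dumps({"web": {"redirect_uris": [
    "https://filewave.server.com/api/auth/login_via_idp_redirect",
    "https://filewave.server.com/api/auth/login_via_idp_redirect_for_native",
    "https://192.0.2.10/api/auth/login_via_idp_redirect_for_device",
    "http://filewave.server.com/api/auth/login_via_idp_redirect",
]}})
print(audit_redirect_uris(SAMPLE, "filewave.server.com"))
```

An empty result means the client carries exactly the three expected callbacks; any "unexpected" entry is a redirect target worth removing from the client.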

Creating a service account (Google)

To support server-to-server interactions, first create a service account for your project in the API Console. - Google documentation

(Step 7) - Navigate to https://console.cloud.google.com/apis/credentials

(Step 8) - Click on "Create credentials"

(Step 9) - Choose "Service account"