SSO - Google

Objective

This document provides instructions on how to configure Google SSO integration to Volterra for your enterprise account. For an overview of Volterra, see About Volterra.

Note: SSO setup requires you to be of the tenant owner type user. Navigate to General -> IAM -> Users. Click on the Show/hide column, select the Type field, and click Apply to display the Type column. For the tenant owner, the Type column displays Tenant Owner and others, it displays User.


Prerequisites

The following prerequisites apply:


Configuration Steps

Step 1: Create a project in the Google Developer Console.

Log in to the Google Developer Console with your administrator access. Click Create Project.

create proj
Figure: GCP IAM and Admin View

Enter a project name, set a project ID using the EDIT button as per your preference, and click Create.

image10
Figure: Create a new project

Step 2: Start OAuth consent settings.

Navigate to the APIs & Services section in the Google Developer Console. On that screen, navigate to OAuth consent screen. Select Internal and click on Create button.

oauth int
Figure: API Credentials

Step 3: Fill in OAuth consent screen details.

oauth consent
Figure: Content Screen

Step 4: Create OAuth credentials.

Navigate to Credentials tab, select OAuth client ID under the Create credentials button, create OAuth client ID and client secret.

create oauth client
Figure: Credentials Tab

image4
Figure: Create OAuth Client ID

Note: Leave ‘Authorized redirect URIs’ field as blank, this can be provided once the URI is obtained from VoltConsole SSO Portal.

Step 5: Copy the generated credentials.

Once credentials are created a Client ID and Client Secret are generated which are required to set SSO. Copy the same to be provided in VoltConsole.

image5
Figure: OAuth client ID

Step 6: Start SSO setup in the VoltConsole.
  • Login to VoltConsole with tenant owner credentials, click General on the namespace selector. Select Tenant Settings -> Login Options and click Set Up SSO.

sso nav
Figure: Volterra SSO Setup Page

  • Select Google in service providers.
Step 7: Set the OAuth credentials and hosted domain.

Provide Client ID and Client Secret obtained from step 5. Enter the domain in the Hosted Domain field and click Continue. This example uses ves.io as the domain.

image6
Figure: Client ID and Client Secret

Note: The Hosted Domain is the domain where your accounts are hosted and only accounts of that domain are listed. You can also enter * for this field to use any hosted account.

Step 8: Copy the redirect URL.

Copy the displayed Redirect URL. This is used in OAuth client configuration in later steps. Click Done.

redirect uri
Figure: Well Known URL

Step 9: Add authorized domain in the Google Developer Console for your OAuth settings.

Log back in to the Google Developer Console, navigate to API & Services section, click on OAuth consent screen, click on EDIT APP. Under Authorized domains, add volterra.io as the domain.

oauth add volt
Figure: Add Authorized Domain

Step 10: Add the redirect URL in the credentials page.

Click on Credentials page through the navigation pane. Edit the OAuth 2.0 Client ID to add authorized redirect URI(obtained in Step 8) and click on the save button.

image7
Figure: Configure Redirect URI

Step 11: Log out of the VoltConsole. The subsequent logins get serviced through Google.

Concepts


API References