Google Single Sign-On¶
Migrating from OAuth 2.0 to OpenID Connect¶
OAuth 2.0 is being deprecated and replaced by OpenID Connect. Refer to the product documentation to convert your existing OAuth configuration for Google Apps to the OpenID Connect standard.
Configuring Google Apps as a Single Sign-On (SSO) service¶
Follow these steps to configure Mattermost to use Google as a Single Sign-on (SSO) service for team creation, account creation, and sign-in.
Note: The Google People API has replaced the Google+ API, which was deprecated by Google as of March 7th, 2019 per their notice.
Step 1: Create OpenID Connect project in Google API Manager¶
- Go to Google Cloud Platform.
- Select Credentials in the left-hand sidebar.
- Select Create Credentials, then select OAuth client ID.
- Select the Web application as the application type.
- Enter
Mattermost-<your-company-name>
as the Name, replacingwith the name of your organization. - Under **Authorized redirect URIs, select Add URL, then enter
{your-mattermost-url}/signup/google/complete
. For example:http://localhost:8065/signup/google/complete
. - Select Create.
- Copy and paste the Your Client ID and Your Client Secret values to a temporary location. You will enter these values in the Mattermost System Console.
Step 2: Enable Google People API¶
Go to the Google People API, then select Enable in the header. This might take a few minutes to propagate through Google’s systems.
Step 3: Configure Mattermost for Google Apps SSO¶
- Log in to Mattermost, then go to System Console > Authentication > OpenID Connect.
- Select Google Apps as the service provider.
- The Discovery Endpoint for OpenID Connect with Google Apps is prepopulated with
https://accounts.google.com/.well-known/openid-configuration
. - Paste in the Client ID from Google in Mattermost.
- Paste in the Client Secret from Google in Mattermost.
- Select Save.
- Restart your Mattermost server to see the changes take effect.
Note:
- Alternatively, you may enter Client ID and Client Secret values directly into the
GoogleSettings
section of the Mattermostconfig/config.json
file. - The following default values are recommended:
"GoogleSettings": {
"Enable": false,
"Secret": "fake_secret",
"Id": "fake_id",
"Scope": "profile openid email",
"AuthEndpoint": "",
"TokenEndpoint": "",
"UserApiEndpoint": "",
"DiscoveryEndpoint": "https://accounts.google.com/.well-known/openid-configuration",
"ButtonText": "",
"ButtonColor": ""
},
```