Link Search Menu Expand Document

Google workspace Configuration

With Google Workspace SSO configured, all users invited to SafeStack can sign in using their company’s Google workspace identity. This document describes how to set up your Google workspace to authenticate your users on SafeStack.

Users will need to be invited to your SafeStack organisation before they can sign in using Google workspace. SCIM support to auto manage your organizations users through your identity system is not yet supported.

Set-up guide

You will need to set up a new Oauth2 client in your Google workspace. The following instructions must be performed in your organisation’s Google workspace, the SafeStack team can provide assistance if needed. The instructions below are a simplified version of the official Auth0 documentation

Step 1: Set up a new Oauth2 client

For detailed information, check out the Official Google documentation on creating a new Oauth2 client.

  1. Sign in to your Google Cloud Console and make sure to select the right project for your team
  2. Navigate to API & Services -> Credentials
  3. Click on “Create Credentials” and select OAuth Client ID
  4. Select Web application as the “Application Type” and provide the name SafeStack (or any other suitable name to identify this client, that follows your organisation’s naming policies)
  5. Under “Authorized JavaScript Origins” add the following. This is the public URL for SafeStack’s learning platform:
    1. https://learn.safestack.io
  6. Under “Authorized redirect URIs” add the following values. Your users will be redirected to one of these URL’s after they have authenticated with Google:
    1. https://auth.learn.safestack.io/login/callback
    2. https://learn-safestack-io.au.auth0.com/login/callback
  7. Click on the “Create” button and note down the Client ID and Client Secret

Step 2: Get in touch with us

Get in touch with us with the following information that you would have noted down from previous steps:

  • Your Google workspace domain (this is typically the domain name used for email addresses within your organisation)
  • Client ID
  • Client Secret

Because some of this information is sensitive, we recommend that you use your organization’s preferred way of sharing secrets with third parties or vendors. This could include using a service like OneTimeSecret or the secret sharing functionality offered by your password manager.

Please share this information with sso@safestack.io and we’ll handle the rest!