This article explains how to setup Single Sign-On (SSO) for babelforce services by using your Google authentication service.
Setting up SSO in Google
- Access your Google Cloud console: https://console.cloud.google.com/home/dashboard
- Create a new project.
- If you already have a project, follow the steps as shown in the screenshot
- Fill out the form by providing a project name
- Click "Create"
- Wait until the project is created
- Enter the project you just created
- Next, go to https://console.developers.google.com/apis/dashboard
- From the sidebar, select "OAuth consent screen"
- Select the User Type "Internal" (this way, only users from within your organization can login via SSo) and click "Create"
- In the OAuth settings, you have the option to give a name to the application and add an authorized domain (your companies domain, e.g. mybusiness.com)
- Next, go to "Credentials" and press "+ CREATE CREDENTIALS"
- Select OAuth client ID from the drop down list
- Select Web application as Application type and fill out the form, by adding a name
- The redirect URIs will be added after you filled in all details in babelforce
- After completing the setup, click create.
- Copy the Client ID and Client Secret from the pop-up screen you are presented with
- You can always access the information again by editing the OAuth client you setup in the steps before
Configuring SSO in babelforce
- Go to global settings and find the section "SSO identity provider"
- To fill out the form, you need a few details. Below you see the mapping in babelforce. Everything that is filled in black is static and can be found as copy past text below the image. Everything in turquoise needs to be copied from Google.
- After you filled in all details, babelforce will provide you with the redirect URIs for the manager and babelConnect which you have to enter in Google after you completed these steps
- Site: https://accounts.google.com
- Token Path: https://oauth2.googleapis.com/token
- Auth Path: https://accounts.google.com/o/oauth2/v2/auth
- Principle Claim: email
Finishing the Google config
- In a last step, open https://console.developers.google.com/apis/credentials (make sure you are in the right project) in a new tab (please leave your babelforce SSO settings open)
- Click on the pencil to edit the client
- Find the section Authorized redirect URIs at the end
- Add two
Testing your setup
- To test your SSO login, create a new user, for instance a manager, who's email is available in your Google authentication service. To do so, go to Global settings > User management
- Next, find your company's name in babelforce by going here: https://apps.sales.babelforce.com/manager2/manager/account/overview
- Find the company's name as shown in the screenshot and copy paste it
- Go to the babelforce Login screen and enter your company's name as saved in the clip board as "Tenant"
- Follow the instructions of your provider. You should now be able to login
That completes the setup process. If you have any further questions, feel free to get in touch with firstname.lastname@example.org.