Federated Identity Service

Created by Tass Skoudros, Modified on Fri, 11 Nov 2022 at 09:48 AM by Tass Skoudros

We use the popular open-source Keycloak software for our identity service. Social identity providers allow you to delegate authentication to a semi-trusted and respected entity. The Identity Service provides built-in support for the most common social networks, such as Google, Facebook, Twitter, GitHub, LinkedIn, Microsoft and Stack Overflow.

We do not recommend using social logins for any of our services, as they have unintended consequences when not correctly matched with an excellent RBAC permission system. A social login provider admits anyone who has an account with that provider, so you would need to configure the default behaviour for a user to be very restricted.

Log in to our Identity Service using the provided links, or contact support at support@servanamanaged.com.

To create an identity provider, click the Identity Providers item in the left menu.

Google provides two methods for setting up OAuth. If you don't have a Google Developer Console, use the GSuite method. To begin, log in to the Servana Identity Service.

Go to the Identity Providers page, select 'Google' under Add provider, and note the 'Redirect Url'. You will need to add this later.

1. Copy the Redirect Url

Create a project and a client in the Google Developer Console.

Google often changes the look and feel of the Google Developer Console, so these directions might not always be up to date and the configuration steps might be slightly different. Contact us for assistance if something doesn't seem right.

2. Log in to the Google Developer Console.

Then navigate to the APIs & Services section in the Google Developer Console. On that screen, navigate to Credentials administration.

Credentials

3. Create credentials -> OAuth client ID

4. Click + Add URI under Authorised redirect URIs

5. Paste the Redirect Url from the identity provider page. 

6. Click save and on the following page copy the Client ID and Client Secret.

Before we complete the setup on the Servana Identity Service we need to set up the OAuth consent screen.

OAuth consent screen

When users log in to Google from Keycloak, they will see a consent screen from Google asking whether the identity service is allowed to view information about their user profile. Google therefore requires some basic information about the product before creating any secrets for it. For a new project, you first have to configure the OAuth consent screen.

On the OAuth consent screen fill in the following.

Application type: internal

Application name: Servana Identity Service

Authorized domains: servana.app

For the very basic setup, filling in the Application name is sufficient. You can also set additional details, such as scopes for Google APIs, on this page.

7. Fill in OAuth consent screen details

8. Complete the setup on the Servana Identity Service adding the following.

Hosted Domain (i.e. for GSuite or Google Developer Console)

Client ID

Client Secret
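
To confirm that the Hosted Domain restriction from step 8 is in place, the check below audits a realm export for social providers that admit any account holder. It is an added example, not Servana's or Keycloak's own code. It assumes the export lists providers under identityProviders with providerId, enabled and config.hostedDomain fields, and that Hosted Domain holds a single domain; the sample realm and the example.com domain are constructed.

```python
import json

# Assumed Keycloak provider ids for the social networks named in this article.
SOCIAL_PROVIDER_IDS = {"google", "facebook", "twitter", "github",
                       "linkedin", "microsoft", "stackoverflow"}

def audit_identity_providers(realm, allowed_domains):
    """Return (alias, finding) pairs for enabled social providers in a realm export."""
    allowed = {d.lower() for d in allowed_domains}
    findings = []
    for idp in realm.get("identityProviders", []):
        provider_id = idp.get("providerId", "")
        alias = idp.get("alias", provider_id)
        # Disabled providers and non-social providers (SAML, corporate OIDC) are skipped.
        if provider_id not in SOCIAL_PROVIDER_IDS or not idp.get("enabled", True):
            continue
        if provider_id != "google":
            findings.append((alias, "social login enabled: any account holder can log in"))
            continue
        hosted = ((idp.get("config") or {}).get("hostedDomain") or "").strip().lower()
        if not hosted:
            findings.append((alias, "no Hosted Domain: any Google account can log in"))
        elif hosted == "*":
            findings.append((alias, "Hosted Domain '*': any hosted Google domain is accepted"))
        elif hosted not in allowed:
            findings.append((alias, f"Hosted Domain '{hosted}' is not an approved domain"))
    return findings

# Constructed sample of the assumed realm export layout.
SAMPLE_REALM = json.loads("""
{"realm": "demo", "identityProviders": [
  {"alias": "google-staff", "providerId": "google", "enabled": true,
   "config": {"hostedDomain": "example.com"}},
  {"alias": "google-open", "providerId": "google", "enabled": true, "config": {}},
  {"alias": "google-any", "providerId": "google", "enabled": true,
   "config": {"hostedDomain": "*"}},
  {"alias": "github", "providerId": "github", "enabled": true, "config": {}},
  {"alias": "facebook", "providerId": "facebook", "enabled": false, "config": {}}
]}
""")

if __name__ == "__main__":
    for alias, finding in audit_identity_providers(SAMPLE_REALM, {"example.com"}):
        print(f"{alias}: {finding}")
```

Any provider the check reports should either be restricted or paired with very restricted default permissions for new users, as recommended above.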
