We use the popular Keycloak open-source software for our identity service. Social identity providers allow you to delegate authentication to a semi-trusted and respected entity. The Identity Service provides built-in support for the most common social networks out there, such as Google, Facebook, Twitter, GitHub, LinkedIn, Microsoft and Stack Overflow.
We do not recommend using social logins for any of our services, as they have unintended consequences when not correctly matched up with an excellent RBAC permission system. A social login provider admits anyone who has an account with that provider, so the default behaviour for a user needs to be configured to be very restricted.
Log in to our Identity Service using the provided links, or contact support on [email protected]
To create an identity provider, click the Identity Providers left menu item.
Google provides two methods for setting up OAuth; if you don't have a Google Developer Console, use the GSuite method. To begin, log in to the Servana Identity Service.
Go to the Identity Providers page and, under Add provider, select 'Google' and note the 'Redirect Url'. You will need to add this later.
- Copy the Redirect Url
Create a project and a client in the Google Developer Console.
Google often changes the look and feel of the Google Developer Console, so these directions might not always be up to date and the configuration steps might be slightly different. Contact us for assistance if something doesn't seem right.
2. Log in to the Google Developer Console.
Then navigate to the APIs & Services section in the Google Developer Console. On that screen, navigate to Credentials administration.
3. Create credentials -> OAuth client ID
4. Click + Add URI under Authorised redirect URIs
5. Paste the Redirect Url from the identity provider page.
6. Click save and on the following page copy the Client ID and Client Secret.
Before we complete the setup on the Servana Identity Service we need to set up the OAuth consent screen.
OAuth consent screen
When users log in to Google from Keycloak they will see a consent screen from Google asking whether the identity service is allowed to view information about their user profile. Google therefore requires some basic information about the product before creating any secrets for it. For a new project, you first have to configure the OAuth consent screen.
On the OAuth consent screen fill in the following.
Application type: internal
Application name: Servana Identity Service
Authorized domains: servana.app
For the very basic setup, filling in the Application name is sufficient. You can also set additional details like scopes for Google APIs on this page.
7. Fill in OAuth consent screen details
8. Complete the setup on the Servana Identity Service by adding the following.
Hosted Domain (i.e. for GSuite or Google Developer Console)
Client ID
Client Secret
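
The Hosted Domain value in step 8 is what stops the Google provider from admitting every Google account, which is the risk described at the top of this article. The Python below is an added example (not Keycloak's or the Servana Identity Service's own code) of the claim checks behind that setting and of a restricted default role for first-time logins. It assumes the ID token's signature and expiry were already verified by an OIDC library; the client ID, domain, sample claims and role name are constructed for illustration.

```python
# Added example: checks on the claims of a Google ID token whose signature
# and expiry have ALREADY been verified (that step is assumed, not shown).
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def check_google_claims(claims, client_id, hosted_domain):
    """Return (allowed, reason) for an already verified ID token."""
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return False, "unexpected issuer"
    if claims.get("aud") != client_id:
        return False, "token was issued to a different client"
    # Personal Google accounts carry no 'hd' claim at all, so a missing
    # claim is rejected rather than treated as "no restriction".
    hd = claims.get("hd")
    if not isinstance(hd, str) or hd.lower() != hosted_domain.lower():
        return False, "account is not in the hosted domain"
    if claims.get("email_verified") is not True:
        return False, "email address not verified"
    return True, "ok"


def initial_roles(allowed):
    # Hypothetical role name: a first-time social login receives only the
    # most restricted role; anything more is granted explicitly through RBAC.
    return ["restricted-user"] if allowed else []


# Constructed sample values (not real clients, tokens or accounts).
CLIENT_ID = "1234567890-example.apps.googleusercontent.com"
DOMAIN = "example.com"
_BASE = {"iss": "https://accounts.google.com", "aud": CLIENT_ID,
         "email_verified": True}
SAMPLES = {
    "workspace user": {**_BASE, "hd": "example.com",
                       "email": "alice@example.com"},
    "personal account": {**_BASE, "email": "bob@gmail.com"},
    "other workspace": {**_BASE, "hd": "example.org",
                        "email": "carol@example.org"},
    "wrong audience": {**_BASE, "aud": "some-other-client",
                       "hd": "example.com", "email": "dave@example.com"},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        ok, reason = check_google_claims(claims, CLIENT_ID, DOMAIN)
        print(f"{name:18} allowed={ok!s:5} roles={initial_roles(ok)} ({reason})")
```

Only the first sample is admitted. The personal account fails because it has no `hd` claim at all, which is why the check is made on that claim and not on the email address suffix.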