Rakoo

Single sign-on (SSO) allows your users to log in to the online academy using an external account. In this article, we will discuss what to configure in order to activate SSO integration with Google. For further information about SSO in general, please refer to <a href="https://support.rakoo.com/en/articles/5772498-setting-up-single-sign-on-sso" rel="nofollow noopener noreferrer" target="_blank">this article</a>.

In order to utilize SSO, users must already be <a href="https://support.rakoo.com/en/articles/4237705-adding-new-users" rel="nofollow noopener noreferrer" target="_blank">added</a> to the online academy. SSO does not create user accounts.

We will provide instructions on how to set up SSO. Below is a step-by-step guide to activate this integration. Please consult <a href="https://docs.retool.com/docs/google-oauth-credentials" rel="nofollow noopener noreferrer" target="_blank">Google's</a> support for the precise settings.

Step-by-step guide for creating credentials in Google

Go to the Credentials page in the Google Cloud Platform.

Click on ‘+ create credentials’ and select ‘OAuth client ID’.

If this is your first OAuth integration, you will be asked to fill out the Consent screen:

1. Select ‘Internal’ for the user type.
2. For App name, fill in the name of the environment within Rakoo.
3. For User support email, fill in an email address that users can contact for questions.
4. For App domain, only enter an Authorized domain. Click ‘Add domain’ under Authorized domain. Here you enter the main domain of your environment. (If the URL of your environment in Rakoo ends with 'rakoo.com', enter this as the main domain. If the URL of your environment ends with your own domain name, enter that as the main domain.)
5. For Developer contact information, you again enter an email address for users to contact.
6. Finally, choose ‘Save and continue’.
7. On the next page, you need to add scopes. Click ‘Add or remove scopes’ to select the following scopes:
 1. auth/userinfo.email
 2. /auth/userinfo.profile
 3. openid
8. After selecting these scopes, choose ‘Save and continue’.
9. Next, you will see an overview page where you can check all the settings. After verifying the settings, proceed with creating the OAuth client ID.

Now you arrive on the Create OAuth client ID screen. Choose ‘Web application’ as the application type.

Thereafter, you provide a clear name for the application, such as the name of the online academy.

Finally, you will have the option to enter two URLs. Here, you only need to fill in the Authorized redirect URLs with the following URL: <a href="https://oauth2.hubper.co/oauth2/login/code" rel="nofollow noopener noreferrer" target="_blank">https://oauth2.hubper.co/oauth2/login/code</a>

Click ‘Create’. You will now see the ‘client ID’ and ‘client secret’.

1. Go to the Credentials page in the Google Cloud Platform.
2. Click on ‘+ create credentials’ and select ‘OAuth client ID’. 
 

3. If this is your first OAuth integration, you will be asked to fill out the Consent screen:
 1. Select ‘Internal’ for the user type.
 2. For App name, fill in the name of the environment within Rakoo.
 3. For User support email, fill in an email address that users can contact for questions.
 4. For App domain, only enter an Authorized domain. Click ‘Add domain’ under Authorized domain. Here you enter the main domain of your environment. (If the URL of your environment in Rakoo ends with 'rakoo.com', enter this as the main domain. If the URL of your environment ends with your own domain name, enter that as the main domain.)
 5. For Developer contact information, you again enter an email address for users to contact.
 6. Finally, choose ‘Save and continue’.
 7. On the next page, you need to add scopes. Click ‘Add or remove scopes’ to select the following scopes:
 1. auth/userinfo.email
 2. /auth/userinfo.profile
 3. openid
 8. After selecting these scopes, choose ‘Save and continue’.
 9. Next, you will see an overview page where you can check all the settings. After verifying the settings, proceed with creating the OAuth client ID.
4. Now you arrive on the Create OAuth client ID screen. Choose ‘Web application’ as the application type.
5. Thereafter, you provide a clear name for the application, such as the name of the online academy.
6. Finally, you will have the option to enter two URLs. Here, you only need to fill in the Authorized redirect URLs with the following URL: <a href="https://oauth2.hubper.co/oauth2/login/code" rel="nofollow noopener noreferrer" target="_blank">https://oauth2.hubper.co/oauth2/login/code</a>
7. Click ‘Create’. You will now see the ‘client ID’ and ‘client secret’.

Step-by-step guide for creating the integration in the online academy

You can manage your integrations on the integrations page. You can find this page on the left side of the menu bar. 

- You can manage your integrations on the integrations page. You can find this page on the left side of the menu bar. 

Next, you can select ‘Google (oauth2)’ at ‘Single sign-on’. This will take you to the settings page.

- Next, you can select ‘Google (oauth2)’ at ‘Single sign-on’. This will take you to the settings page.

Thereafter, you can enter the credentials obtained from Google.

- UserInfo URL: <a href="https://www.googleapis.com/oauth2/v3/userinfo" rel="nofollow noopener noreferrer" target="_blank">https://www.googleapis.com/oauth2/v3/userinfo</a>
- Access Token URL: <a href="https://www.googleapis.com/oauth2/v4/token" rel="nofollow noopener noreferrer" target="_blank">https://www.googleapis.com/oauth2/v4/token</a>
- Authorization URL: <a href="http://accounts.google.com/o/oauth2/v2/auth" rel="nofollow noopener noreferrer" target="_blank">http://accounts.google.com/o/oauth2/v2/auth</a>
- At ‘Integration status’, you can indicate whether the integration is activated or not. 
- The ‘Login with “button" option allows you to decide whether a button should also be displayed in the login screen. Is this option disabled? Then, users can only log in through an external method via SSO (e.g., intranet).

Save the changes to activate the integration.

- Here, you can select ‘Add’.
- Thereafter, you can enter the credentials obtained from Google.
 - UserInfo URL: <a href="https://www.googleapis.com/oauth2/v3/userinfo" rel="nofollow noopener noreferrer" target="_blank">https://www.googleapis.com/oauth2/v3/userinfo</a>
 - Access Token URL: <a href="https://www.googleapis.com/oauth2/v4/token" rel="nofollow noopener noreferrer" target="_blank">https://www.googleapis.com/oauth2/v4/token</a>
 - Authorization URL: <a href="http://accounts.google.com/o/oauth2/v2/auth" rel="nofollow noopener noreferrer" target="_blank">http://accounts.google.com/o/oauth2/v2/auth</a>
 - At ‘Integration status’, you can indicate whether the integration is activated or not. 
 - The ‘Login with “button" option allows you to decide whether a button should also be displayed in the login screen. Is this option disabled? Then, users can only log in through an external method via SSO (e.g., intranet).
- Save the changes to activate the integration.

What is SSO?

How do I set up Google SSO (OAuth)?

Step-by-step guide for creating credentials in Google

Step-by-step guide for creating the integration in the online academy