¶ Obtaining SSO Credentials for Google and Microsoft
This guide outlines the steps required to set up and obtain Single Sign-On (SSO) credentials for Google and Microsoft Azure AD to integrate with your application.
¶ Step 1: Create a Project in Google Cloud Console
- Go to Google Cloud Console.
- Click on Select a project at the top
- The click New Project.
- Enter a project name (eg MultiPortalSSO), select your location and click Create.
- Your project will take a few minutes to create.
¶ Step 2: Configure OAuth Consent Screen
- Go to APIs & Services
- On the side menu click OAuth consent screen.
- If you haven't configured your project before you will first need to set it up (Skip to Step 3 if already setup)
- Choose External for public access or Internal if limited to your organization.
If you choose external you may need to verify your app.
- Enter your contact information then click Next and then Create
¶ Step 3: Create OAuth Credentials
- Navigate to APIs & Services > Credentials.
- Click Create Credentials and select OAuth client ID.
- Choose Web Application as the application type.
- Enter a name (e.g., "SSO Integration")
- Add your MultiPortal url into the Authorized redirect URIs:
- Example: https://yourdomain.com/auth/google/callback
You must include /auth/google/callback
- Example: https://yourdomain.com/auth/google/callback
- Then click Create.
¶ Step 4: Copy the Credentials
Once you have create your Oauth 2.0 Cliend ID, you can click the download icon to view your client ID and secret.
- Note the Client ID and Client Secret.
- These will be used in your application to configure Google SSO.
¶ Step 1: Register an Application in Azure AD
- Go to the Microsoft Azure Portal.
- Sign in and navigate to App registrations under Azure Services.
- Click New registration.
- Enter a name for the application (e.g., "MultiPortal SSO Integration").
- Choose Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) for internal access or as required by your setup.
- In Redirect URI, select Web then add:
- Click Register.
¶ Step 2: Configure API Permissions
- Go to the Manage > API permissions tab.
- Click Add a permission.
- Click Microsoft Graph.
- Click Delegated permissions
- Select Microsoft Graph, search for User.Read and choose: (Skip this if the permission is added by Default)
- Delegated permission:
- User.read
- User.read
- Delegated permission:
- Click Add permissions.
¶ Step 3: Generate a Client Secret
- Go to Certificates & secrets.
- Click New client secret.
- Add a description and choose an expiration period.
- Click Add
- Copy the Value (Client Secret).
¶ Step 4: Copy Application Credentials
- Go to Overview to find the *Application (client) ID
*. - Note the Directory (tenant) ID and Client Secret.
¶ Summary of Required Information
| Provider | Client ID | Client Secret | Redirect URI |
| [Your Google Client ID] | [Your Google Client Secret] | https://yourdomain.com/auth/google/callback | |
| Microsoft | [Your Microsoft Client ID] | [Your Microsoft Client Secret] | https://yourdomain.com/auth/microsoft/callback |
Additional Notes
- Ensure the OAuth consent screen information is complete to avoid verification issues.
- Keep your Client Secret secure; do not expose it in client-side code.
- Adjust OAuth scopes according to your application’s data requirements.
¶ Keying in Credentials to Application Settings
Once you have obtained the Client ID and Client Secret from Google and Microsoft, follow these steps to configure them in the application:
¶ 1. Navigate to SSO Configuration Settings
- Log in to your application as an administrator.
- Go to Settings.
- Locate the SSO Configuration section.
¶ 2. Enter Google SSO Credentials
1 Click Google SSO Enabled
2 Google Client ID: Paste the Client ID obtained from Google Cloud Console.
3 Google Client Secret: Paste the Client Secret.
4 Google Redirect URI: Use the redirect URI you set during the Google OAuth configuration.
- Example: https://yourdomain.com/auth/google/callback
5 Click Save Google Configuration
¶ 3. Enter Microsoft SSO Credentials
1 Click Microsoft SSO Enabled
2 Microsoft Client ID: Paste the Application (client) ID obtained from Azure AD.
3 Microsoft Client Secret: Paste the Client Secret.
4 Microsoft Redirect URI: Use the redirect URI you set during the Azure AD application configuration.
- Example: https://yourdomain.com/auth/microsoft/callback
5 Click Save Google Configuration
¶ 4. Test the SSO Integration
- Log out of the application.
- Use the Sign in with Google or Sign in with Microsoft option to test the login.
- Ensure that users are redirected correctly and authenticated without errors.
¶ Common Issues and Troubleshooting
| Issue | Possible Solution |
| Error: "Invalid Client ID or Secret" | Verify that the Client ID and Client Secret are correctly copied without extra spaces or typos. |
| Error: "Redirect URI Mismatch" | Ensure that the redirect URI in the SSO configuration matches exactly with the one set in Google/Microsoft. |
| Error: "Permission Denied" | Check that all required OAuth scopes (email, profile, etc.) are correctly configured. |
By completing these steps, your application will be successfully integrated with Google and Microsoft SSO for seamless user authentication.
¶ Linking and Unlinking SSO Accounts
Once the SSO credentials have been configured, users can link their accounts with Google or Microsoft for a seamless sign-in experience.
¶ Steps to Link an SSO Account
- Go to Profile
- Log in to your account.
- Click on your username or avatar in the top-right corner to access your profile.
- Open the Single Sign-On (SSO) Tab
- Navigate to the Single Sign-On tab.
- Navigate to the Single Sign-On tab.
- Link with Google or Microsoft
- Click the Link with Google or Link with Microsoft button.
- Say Yes to confirmation message
- You will be redirected to the respective sign-in page for Google or Microsoft.
- Sign in and allow the necessary permissions.
- Once linked, you will receive a confirmation message.
- Click the Link with Google or Link with Microsoft button.
¶ Unlinking an SSO Account
- Go to the Single Sign-On tab in your profile.
- Click Unlink next to the linked Google or Microsoft account.
- Confirm the action if prompted.
- The SSO account will be unlinked, and you will no longer be able to sign in with that service until it is linked again.
