Skip to Content
Access & User ManagementUser ManagementGoogle

Google

Authentication Setup

Google Configuration

  1. Enable Admin SDK API Admin SDK API for your project. Enable Admin SDK API

  2. Create a Web Application Integration: In the google cloud console under Enabled APIs & Services go to credentials and create a new credentials for OAuth Client IDs.

  3. Select the application type: Web Application and give it a name

  4. Save Credentials: Record the generated client ID and client secret for later use in ScaleOps configuration as clientID, clientSecret respectively.

  5. Configure Callback URL:

    • For ingress setup: Use your ScaleOps dashboard URL followed by /auth/callback (e.g., https://<YOUR-SCALEOPS-DASHBOARD-URL>/auth/callback).
    • For port forwarding without ingress: Use http://localhost:8080/auth/callback.

  6. Save Credentials: Record the generated client ID and client secret for later use in ScaleOps configuration.

    Create Application

ScaleOps Configuration

Add the following helm values to your helm values.yml file:

authProvider:
  provider: google
  google:
    clientID: <CLIENT-ID>
    clientSecret: <CLIENT-SECRET>

Groups Setup

Google Configuration

In order to enable groups, ScaleOps needs the ability to query the users groups, this is done after we acquire the users token. Unfortunately, Google doesn’t allow users to use their own token to query for groups they are in. To solve this you would need to create a service account, here are the steps

  1. Service Account: In the google cloud console under Enabled APIs & Services go to credentials and create a new set for Service Account.

  2. Fill in the name, description and if you like the id and click Done Create Service Account

  3. Go to Admin roles page and assign service account to Groups Reader. Assign Role

    Assign Service Account

    Assign Service Account Email

  4. (Optional) Go to Admin domain delegation and add the scope https://www.googleapis.com/auth/admin.directory.group.readonly to the service account. Add Groups Scope

    Once you have the service account ready, you need to create Keys.

    • Pick the Keys tab
    • Click ADD KEY
    • Click on Create New
    • Select json and Click create Create Key Choose JSON

    The key will automatically be downloaded into your downloads’ folder.

ScaleOps Configuration

Add the following helm values to your helm values.yml file:

authProvider:
  provider: google
  authorization:
    enabled: true
  google:
    clientID: <CLIENT-ID>
    clientSecret: <CLIENT-SECRET>
  defaultAdminGroups:
    - admins@company.com
  defaultViewerGroups:
    - viewers@company.com
  defaultOperatorGroups:
    - operators@company.com
googleServiceAccountCredentials: |-
      <contents of /full/path/to/downloads/credentials.json>

Where company.com is the domain of your Google organization. And the group-name is the slug of the group you want to be the default admin group.

AzureGitHub