Google Workspace SSO with iTop - google-sso

I was trying to figure out how I can integrate Google SSO into iTop. I have seen options for integrating with LDAP.

This is not possible out of the box.
That being said, since iTop v2.7 it provides an authentication API which allows you to add Google as one of the authentication providers using OAuth. You won't be able to have SSO but you will be able to connect to iTop using your Google account.
Check here for details about the authentication API, then check here for how to make an iTop extension.

Related

Making Google Drive API requests using Okta authentication

I'm looking for the best practice to make requests as a third-party app to Google Drive's APIs that are authenticated with Okta.
Assumptions:
Google's services are being authenticated using Okta (users go to drive.google.com >> redirect to Okta >> authentication >> Google Drive is available).
We have a public app on Google - all works easily for non-Okta users.
What will be the best practice solution? Creating an Okta app? Exchanging access tokens in runtime? Something else?
After investigating the main role of Okta in Google Workspace, I found that OAuth 2.0 works the same as it does if Google authenticates the user.
You should trigger a simple authentication with Google, at the end of which you'll receive an access token you can use.
Actually, Google uses SAML to authenticate the user and then shows a consent screen for additional scopes.
Graphic flow in here

How does Google's Sign On Work? OAuth2.0? SAML?

I am curious about how Google's Authentication works. Does it use OAuth2.0 for Authorization? Or SAML for authentication? I tried intercepting the requests and responses, but I cannot determine how their authentication/authorization flow works.
Thanks in advance!
Signing in with a Google Account is based on OpenID Connect (OIDC). Google produces wrappers (libraries, etc.) that do a lot of useful things on top of the plain protocol. From Google's OIDC page:
If you want to provide a "Sign-in with Google" button for your website or app, we recommend using Google Sign-In, our sign-in client library that is built on the OpenID Connect protocol and provides OpenID Connect formatted ID Tokens.
G Suite also supports SAML for SSO to 3rd party apps. (You still authenticate with your Google Account)
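
An added example, not part of the answer above and not Google's code: because sign-in is OpenID Connect, the application ends up with an ID token whose claims it still has to check after a JWT library has verified the signature against Google's published keys (assumed done here). `check_google_claims`, the client ID and the `example.com` domain are hypothetical names, and the sample claims are constructed.

```python
# Added example: claim checks only; signature verification is assumed already done.
import time

GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
CLIENT_ID = "1234567890-example.apps.googleusercontent.com"  # placeholder
NOW = 1_700_000_000  # fixed clock so the constructed samples are reproducible

class ClaimError(ValueError):
    """A correctly signed ID token that must still be rejected."""

def check_google_claims(claims, client_id, allowed_domain=None, now=None, leeway=60):
    """Return the stable user id (`sub`) or raise ClaimError."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ClaimError("unexpected issuer")
    # `aud` must be our client ID, or a token minted for another app is accepted.
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ClaimError("issued to a different client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise ClaimError("expired")
    # Workspace restriction: check `hd`, not the e-mail suffix. Accounts
    # outside a Google-hosted domain carry no `hd` claim at all.
    if allowed_domain is not None and claims.get("hd") != allowed_domain:
        raise ClaimError("not in the allowed Workspace domain")
    if not claims.get("sub"):
        raise ClaimError("missing subject")
    return claims["sub"]

# Constructed sample claims, not taken from real tokens.
GOOD = {"iss": "https://accounts.google.com", "aud": CLIENT_ID, "hd": "example.com",
        "sub": "100000000000000000001", "exp": NOW + 3600}

def verdict(claims):
    try:
        return "accepted as " + check_google_claims(claims, CLIENT_ID, "example.com", now=NOW)
    except ClaimError as err:
        return f"rejected: {err}"

def demo():
    no_hd = {k: v for k, v in GOOD.items() if k != "hd"}
    return {"workspace user": verdict(GOOD),
            "consumer account": verdict(no_hd),
            "other client": verdict({**GOOD, "aud": "other-app.apps.googleusercontent.com"}),
            "expired": verdict({**GOOD, "exp": NOW - 3600})}

if __name__ == "__main__":
    print(demo())
```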

What's the purpose of Auth0 SSO Integrations?

Under the Auth0 dashboard, there is an option SSO Integrations with a number of listed applications such as Active Directory RMS, SharePoint and so on.
What does this exactly do? I'm trying to find some documentation around this.
The SSO Integrations provides you a packaged experience so that you can quickly configure any of the listed applications to use Auth0 for authentication.
This does not mean that you cannot integrate applications not mentioned in the list; it just means that those, possibly due to popularity, got special treatment.
For an example on integrating with Slack, check this tutorial (Integrate Auth0 with Slack).
You can configure Slack to log in with Auth0. That way, users would be able to log in with any of the identity providers supported by Auth0, such as Active Directory, LDAP, Google Apps, Facebook, Google, Twitter, and so on.

Migrating OpenID2 to OpenID Connect or Google+ Sign-in

My ASP.NET MVC 4 application uses OpenID2 authentication that went with MVC templates (out of the box) and only uses Google accounts for authentication, no other social features are integrated.
Now I need to migrate OpenID2 because it will be shut down in April:
Migration OpenID2
It seems that I could use one of two options to do this migration:
OpenID Connect
Google+ Sign-in
I would like to understand better the differences between the two methods and the advantages/disadvantages of one related to the other.
Until now, I think that the biggest difference is that OpenID Connect is used essentially for authentication and Google+ Sign-in has authentication and social features. Am I right?
Google+ Sign-In provides OAuth 2.0 (OpenID Connect) authentication with rich social features and access to additional Google desktop and mobile features.
Right from the link you have you can see that Google+ Sign-In is OpenID Connect. Using Google+ Sign-In however adds some social features and some usability improvements for getting integrated into your site.

Google Marketplace App - Whitelist OpenID realm for seamless Single Sign-On

I'm trying to figure out what I need to do in order to achieve seamless SSO sign up.
When an administrator of a domain installs my Google app, all of the users on his/her domain should be able to sign in through SSO without seeing any confirmation prompts. I'm looking into documentation on how to set this up:
Instead of displaying a confirmation page, your application should
match the value of the openid.realm parameter in the OpenID request
against the value declared in the application's manifest.
Is there an example of this? Also, I think Google stopped using XML manifest files once they switched from OpenID to OAuth 2.0. If so, how does this whitelist process work with OAuth 2.0?
Should I be utilizing Google Admin SDK?
Since Google is moving away from OpenID, whitelisting instructions are obsolete. Found a blog post about domain-wide delegation with OAuth 2.0. Google recommends the following:
the recommended authorization mechanism is now to use OAuth 2.0 and
service accounts. Google Apps domain administrators can delegate domain-wide authority to the service account’s credentials for a set of APIs. This results in allowing the application, by using the service account’s credentials, to act on behalf of the Google Apps domain’s users.
Instructions on how to set up domain-wide delegation: https://developers.google.com/drive/web/delegation
You can find detailed steps to achieve seamless SSO sign-up at the following URL:
http://david-codes.blogspot.com/2014/07/how-to-provide-seamless-single-sign-on.html