Configuring SSO authentication with Google
Introduced in 2022.1
This article explains how to integrate Alloy Navigator Express web apps with Google for Single Sign-On, so your users can sign in to Alloy Navigator Express with their Google accounts.
IMPORTANT: The current version of Alloy mobile apps for technicians (Alloy Navigator mobile and Alloy Inventory Scanner) does not support SSO via Google. We are working on making that happen. Please keep up with updates.
PREVIOUS STEP: Before you begin, see Managing single sign-on (SSO) providers for basic information and prerequisites.
Register Alloy Navigator Express in Google
First, you need to register your Alloy web apps in Google, add the required scopes, and get an OAuth 2.0 client ID and client secret.
Define a consent screen and add scopes
Scopes express the permissions you request users to authorize for Alloy web apps and allow your apps to access specific types of private user data from their Google accounts.
In your Google Cloud Platform console, create a new project for Alloy web apps.
- Click NEW PROJECT.
- If prompted, agree to the terms of service for Google Cloud Platform.
- Enter a project name that will help you manage OAuth for Alloy SSO; for example:
- Click CREATE.
In the Dashboard navigation bar, click the APIs & Services option.
In the APIs and Services navigation bar, click OAuth consent screen.
Choose the user type for your project. Learn more about user types in Google projects.
Specify app information about your Alloy web apps. Note that the App Name, User support email, and Developer contact information fields are mandatory.
On the Scopes screen, click ADD OR REMOVE SCOPES and add the following scopes:
Note that the required scopes are the top three scopes the dashboard offers. Select the check boxes as shown in the screenshot below.
Click Save and Continue to proceed.
Navigate to the Summary screen, review your settings, and click BACK TO DASHBOARD.
Get an OAuth client ID and secret
Use the Credentials option to get an OAuth client ID and secret.
In the APIs and Services navigation bar, click Credentials.
Select + CREATE CREDENTIALS > OAuth client ID at the top.
In the Application type list, select Web application.
In the Name field, type in a name to help you manage OAuth for Alloy Navigator Express; for example:
Alloy Web Apps.
In the Authorized redirect URIs field, enter the redirect URIs for your Alloy Navigator Express web apps (the Web App and Self Service Portal):
[Web App URL]/signin-oidc
IMPORTANT: The Web App URL and SSP URL must use HTTPS, not HTTP.
Note that a single app registration serves all your Alloy web apps, as shown in the screenshot below. Add a redirect URI for every Alloy web app instance you want to use SSO.
The OAuth client is created, and the dashboard displays the Client ID and secret. Copy the displayed values; you will need them later.
Now you can close the OAuth client created window.
TIP: You can access your client ID and secret at any time in your Google Cloud Platform console, at the Credentials page.
- Go back to the OAuth consent screen and click PUBLISH APP to make your Alloy web apps available for users' Google accounts.
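A pre-flight check for the values entered in the Authorized redirect URIs field above, as an added example that is not part of the original article or of Alloy's own tooling. The HTTPS requirement and the /signin-oidc path come from this page; the remaining checks (no wildcard, userinfo, query string, fragment, or raw IP host) are added hygiene assumptions, and the base URLs are constructed placeholders.

```python
# Added example: pre-flight check for Google "Authorized redirect URIs".
# Function names and sample base URLs are hypothetical, not Alloy's.
import ipaddress
from urllib.parse import urlsplit

CALLBACK_PATH = "/signin-oidc"  # callback path given on this page


def build_redirect_uri(base_url: str) -> str:
    """Append the callback path to one web app base URL."""
    return base_url.rstrip("/") + CALLBACK_PATH


def check_redirect_uri(uri: str) -> list[str]:
    """Return a list of problems; an empty list means the URI passes."""
    problems = []
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("scheme must be https")  # required by this page
    if not host:
        problems.append("missing host")
    if "*" in uri:
        problems.append("wildcards are not allowed; list each instance")
    if parts.username or parts.password:
        problems.append("userinfo in URL")
    if parts.query or parts.fragment:
        problems.append("query string or fragment present")
    if not parts.path.endswith(CALLBACK_PATH):
        problems.append("path must end with " + CALLBACK_PATH)
    try:
        ipaddress.ip_address(host)
        problems.append("raw IP host; use the DNS name users browse to")
    except ValueError:
        pass  # not an IP literal, which is what we want
    return problems


def audit(base_urls: list[str]) -> dict[str, list[str]]:
    """Map each generated redirect URI to its list of problems."""
    return {u: check_redirect_uri(u) for u in map(build_redirect_uri, base_urls)}


if __name__ == "__main__":
    # Constructed sample input: one good URL, one HTTP URL, one raw IP.
    SAMPLE = ["https://alloy.example.com/webapp/",
              "http://alloy.example.com/ssp", "https://10.0.0.5/webapp"]
    for uri, problems in audit(SAMPLE).items():
        print("FAIL" if problems else "OK  ", uri, "; ".join(problems))
```

Run it against the base URL of every Alloy web app instance that will use SSO, and register only the URIs that come back without problems.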
Create an SSO Provider record for Google in Alloy Navigator Express
Authority - the OpenID Connect endpoint URL (for Google, it is https://accounts.google.com);
Client ID - the OpenID Connect client ID provided by
Client Secret - the client secret for the Alloy Navigator Express app provided by
Full Name Claim - the claim where
User Name Claim - the claim where
To add an SSO Provider record for
In Alloy Navigator Express Settings, go to Accounts and Roles > SSO Providers and select New > from the Module menu. The Custom dialog box opens.
In the Name field, type Google. Alloy Navigator Express users will see that name in their sign-in dialog as Sign in with [Name].
In the Authority field,
Provide the credentials of your Alloy web apps from
Client ID - the unique identifier that Alloy apps will use when requesting an access token from
Client Secret - the secret string that the Alloy apps will use to prove their identity when requesting an access token from
When users sign in, their user information from
Typically, you can keep the default values in the Full Name Claim
(and the User Name Claim
Click OK to save your record.
NEXT STEP: Step 3: Configure the Alloy Navigator Express apps to use SSO.