
Google Cloud Service

Google Cloud Service provides Cloud Identity as an Identity Provider (IdP) that supports OpenID Connect (OIDC), which gives Wyn Enterprise application users SSO-based access. You can configure SSO to the Wyn Enterprise application with the Google Cloud Service.

Before configuring SSO, make sure that you have installed the Wyn Enterprise application version 6.0 or above and have access to the Google Cloud Platform with a user account in Cloud Identity or Google Workspace. Follow the instructions below to configure SSO with Google Cloud Service:

Configuration Node Management

Add the SSO configuration node to the Wyn configuration file, Wyn.conf, and ensure the following:

  • AuthenticationProtocol option must be OAUTH.

  • Scheme is optional. If you don't specify the Scheme option in the configuration file, its value is set to Oauth by default.

  • Disabled option is used to disable the SSO function.

  • AuthorizationEndpoint, TokenEndpoint, UserInformationEndpoint, ClientId, and ClientSecret options are mandatory and are available in your Google Cloud Service.

  • CallbackPath is optional and if not specified, the default value of this option is /signin-oauth. Ensure that the CallbackPath matches the Redirect URI you specified in the Google Cloud Service.

    <Server>
      <Authentication>
        <SSO>
          <AuthenticationProtocol>OAUTH</AuthenticationProtocol>
          <Scheme>Google</Scheme>
          <AuthorizationEndpoint>https://accounts.google.com/o/oauth2/v2/auth</AuthorizationEndpoint>
          <TokenEndpoint>https://www.googleapis.com/oauth2/v4/token</TokenEndpoint>
          <UserInformationEndpoint>https://www.googleapis.com/oauth2/v2/userinfo</UserInformationEndpoint>
          <ClientId>{your_client_id}</ClientId>
          <ClientSecret>{your_client_secret}</ClientSecret>
          <Scopes>
            <sys:string>openid</sys:string>
            <sys:string>profile</sys:string>
            <sys:string>email</sys:string>
          </Scopes>
          <ClaimMappings>
            <sys:Item>
              <Key>sub</Key>
              <Value>id</Value>
            </sys:Item>
            <sys:Item>
              <Key>name</Key>
              <Value>name</Value>
            </sys:Item>
            <sys:Item>
              <Key>given_name</Key>
              <Value>given_name</Value>
            </sys:Item>
            <sys:Item>
              <Key>family_name</Key>
              <Value>family_name</Value>
            </sys:Item>
            <sys:Item>
              <Key>email</Key>
              <Value>email</Value>
            </sys:Item>
            <sys:Item>
              <Key>avatar</Key>
              <Value>picture</Value>
            </sys:Item>
          </ClaimMappings>
        </SSO>
      </Authentication>
    </Server>

See the Additional SSO Settings section of the Configure Single sign-on help doc for information on configuring the cookies and incognizant user login options.
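
The rules listed under Configuration Node Management can be checked before a restart with a small script. This is an added example, not part of Wyn Enterprise: the function name `check_sso`, the sample values, and the host `wyn.example.com` are assumptions, and it assumes Wyn is served at the site root so the Redirect URI path equals CallbackPath.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MANDATORY = ("AuthorizationEndpoint", "TokenEndpoint",
             "UserInformationEndpoint", "ClientId", "ClientSecret")
DEFAULT_CALLBACK = "/signin-oauth"  # default stated on this page


def _local(tag):
    """Strip any XML namespace so lookups work whatever the root declares."""
    return tag.rsplit("}", 1)[-1]


def check_sso(conf_xml, redirect_uri):
    """Return a list of findings; an empty list means every rule passed."""
    root = ET.fromstring(conf_xml)
    sso = next((e for e in root.iter() if _local(e.tag) == "SSO"), None)
    if sso is None:
        return ["no SSO node found"]
    opts = {_local(c.tag): (c.text or "").strip() for c in sso}
    findings = []
    if opts.get("AuthenticationProtocol") != "OAUTH":
        findings.append("AuthenticationProtocol must be OAUTH")
    for name in MANDATORY:
        value = opts.get(name, "")
        if not value or (value.startswith("{") and value.endswith("}")):
            findings.append(f"{name} is missing or still a placeholder")
        elif name.endswith("Endpoint") and urlsplit(value).scheme != "https":
            # Added check, not from the page: OAuth endpoints must use TLS.
            findings.append(f"{name} is not an https URL")
    # Assumption: Wyn is served at the site root, so the path of the Redirect
    # URI registered with Google must equal CallbackPath exactly.
    callback = opts.get("CallbackPath") or DEFAULT_CALLBACK
    if urlsplit(redirect_uri).path != callback:
        findings.append(f"CallbackPath {callback} does not match {redirect_uri}")
    return findings


# Constructed sample: mandatory options only, CallbackPath left to its default.
SAMPLE = """<Server><Authentication><SSO>
  <AuthenticationProtocol>OAUTH</AuthenticationProtocol>
  <AuthorizationEndpoint>https://accounts.google.com/o/oauth2/v2/auth</AuthorizationEndpoint>
  <TokenEndpoint>https://www.googleapis.com/oauth2/v4/token</TokenEndpoint>
  <UserInformationEndpoint>https://www.googleapis.com/oauth2/v2/userinfo</UserInformationEndpoint>
  <ClientId>constructed-client-id</ClientId>
  <ClientSecret>constructed-client-secret</ClientSecret>
</SSO></Authentication></Server>"""

if __name__ == "__main__":
    for uri in ("https://wyn.example.com/signin-oauth",
                "https://wyn.example.com/signin-google"):
        print(uri, check_sso(SAMPLE, uri) or "OK")
```

A configuration file that uses the `sys:` prefix, as the node above does, parses only if its root element declares that namespace.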