Versions Compared

Old Version 2

changes.mady.by.user XCALLY Knowledge

Saved on

compared with

New Version Current

changes.mady.by.user Product Knowledge

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
InfoBefore starting, please

ON THIS PAGE

Table of Contents
minLevel1
maxLevel7

What it’s about

Single sign-on (SSO) is an access management function that enables users to log in with a single set of identity credentials to multiple accounts, software, systems, and resources.

XCALLY gives its users the possibility to access XCALLY using Google credentials (gmail and password).
For agents, SSO feature is available only for WebRTC Agents (and not for Phonebar Agents)

Image Added

How to set up

XCALLY Configuration

Please check in the General Settings the Single Sign-On property has been turned on

!

Image Removed

Creating a Google API Console project and client ID

Info

For any additional information please refer to the Official Google Documentation here

Go

:

  • From General Setting Menu, access the SSO section

  • Enable Google SSO

Image Added

  • In order to make the Google SSO work, XCALLY users (agents, users, admin) must login to Google with the same GMAIL configured in the XCALLY Staff Settings.

Image Added

If they are already logged into the Chrome browser, they need just to click on the red button.

Image Added

Google Configuration

Access to the Google Developers Console (https://console.developers.google.com)

  • Click on the credentials tab and select or add a new project

    • Image Removed

    Image Removed

    • Create a project if you need

    Image Removed

    • Now you can add the credentials to access the APIs, click "Create credentials" and select "OAuth client ID"

    Image Removed

    Image Removed

    • Configure the consent screen if required

    Image Removed

    Image Removed

    • Once you complete the consent screen configuration, you can continue to creating credentials

    Image Removed

    Note

    Insert in the authorized URIs field the URI related your Motion server

    with Google credentials

    Create a new Google API Consoleproject

    • From the Navigation Menu, choose IAM & Admin and select Create a Project

    Image Added

    • Fill the required fields and click on Create

    Image Added

    Generate Credentials

    • Select the specific Project you want to generate the credentials for, in the Google Cloud top bar

    • From the Navigation Menu, choose APIs & Services and select Credentials

    Image Added

    • Remember to configure the OAuth consent screen with information about your application.

    Image Added

    • Click on Create Credentials

    Image Added

    • Select OAuth client ID

    Image Added

    • Choose Web Application as app type

    Image Added

    • Save and get you client credentials

    Image Removed

    Enable Google People API: browse the APIs libraries and select the Google People API

    Image Removed

    Motion server configuration

    edit the file 

    Image Added

    • Click on Add URI and Create

    • Google will generate the credentials:

    Image Added

    Save these values:

    • CLIENT ID

    • CLIENT SECRET

    • REDIRECT URI

    Server Configuration

    • Access the SSH Console

    • Run the following commands:

    su motion

    cd /var/opt/motion2

    /server/config/environment/production.jsand replace the following

    User authentication

    In order to use the Google SSO, the XCALLY users must have the proper Google account set as "email" in the Motion Staff section.

    Image Removed

    If they are already logged into the Chrome browser, they need just to click on 

    Image Removed

    Otherwise, Google will ask them the account credentials

    Image Removed

    Filter by label (Content by label)
    showLabelsfalse
    max5
    spacesXMV
    showSpacefalse
    sortmodified
    reversetrue
    typepage
    cqllabel in ( "google" , "users" , "web-interface" , "agents" , "sso" ) and type = "page" and space = "XMV"
    labelsGoogle SSO web-interface agents users

    Page Properties
    hiddentrue
    Related issues

    nano .env

    • Uncomment (remove the # ) the Google-related rows:

    Code Block
    languagejs
    google: {
        clientID: process.env.GOOGLE_ID || 'id',
        clientSecret: process.env.GOOGLE_SECRET || 'secret',
        callbackURL: (process.env.DOMAIN || 'https://YOUR_MOTION_IP') + '/api/auth/google/callback'
    }

    with the Google application ID, example:

    Code Block
    languagejs
       google: {
        clientID: process.env.GOOGLE_ID || '1234567890-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com',
        clientSecret: process.env.GOOGLE_SECRET || 'abc-123456abcdefghijklmn',
        callbackURL: (process.env.DOMAIN || 'https://pbx2.xcally.com') + '/api/auth/google/callback'
    }

    restart the motion service to apply the change

    Code Block
    su motion
pm2 restart motion2
    Image Added

    • Insert the required values with those generated in the Google Configuration:

    Image Added

    GOOGLE ID='CLIENT ID'

    GOOGLE SECRET= 'CLIENT SECRET'

    DOMAIN: 'REDIRECT URI'

    • Press CRTL+X

    • Press Y to save changes

    • Press Enter

    Re-initialize the Xcally Motion V3 application for the variables changes to take effect, using the following commands:

    npm run initialize

    Note

    Remember that this command restart Motion Services!

    • Make sure that services are up by running the command:

    pm2 list

    The Google SSO is ready to be used!