What
is Goggle SSO?How to configure itit’s about
Single sign-on (SSO) is an access management function that enables users to log in with a single set of identity credentials to multiple accounts, software, systems, and resources.
XCALLY gives its users the possibility to access XCALLY using Google credentials (gmail and password).
For agents, SSO feature is available only for WebRTC Agents (and not for Phonebar Agents)
How to set up
XCALLY Configuration
Please check in the General Settings the Single Sign-On property has been turned on:
From General Setting Menu, access the SSO section
Enable Google SSO
In order to make the Google SSO work, XCALLY users (agents, users, admin) must have the proper Google account set as "email" in the Motion Staff section.
XCALLY users must use the email confiugured in XCALLY to Login with Google.
login to Google with the same GMAIL configured in the XCALLY Staff Settings.
If they are already logged into the Chrome browser, they need just to click on the red button.
Google Configuration
Access to the Google Developers Console (https://console.developers.google.com) with Google credentials
Create a new Google API Consoleproject
From the Navigation Menu, choose IAM & Admin and select Create a Project
Fill the required fields and click on Create
Generate Credentials
Select the specific Project you want to generate the credentials for, in the Google Cloud top bar
From the Navigation Menu, choose APIs & Services and select Credentials
apiS & sERVICES
Click on the credentials
STAMP SSO 1
Create CREDENTIALS
STAMP SSO
Now you can add the credentials to access the APIs, click "Create credentials" and select "OAuth client ID"
STAMP
SELECT WEB APPLICATION
STAMP SSO
REDIRECT URI : HTTPS… MOTION DOMAIN/API/callback + ADD uri
Insert in the authorized URIs field the URI related your Motion server
Remember to configure the OAuth consent screen with information about your application.
Click on Create Credentials
Select OAuth client ID
Choose Web Application as app type
Enter the Redirect URI related to your Motion server: https://{{MOTION_IP}}/api/auth/google/callback
STAMP SSO 6
ti da le credenziali (valori che devi inserire in ssh)
Click on Add URI and Create
Google will generate the credentials:
Server Configuration
VAI INAccess the SSH
Console
Run the following commands:
su motion
poi comando:
cd /var/opt/motion2
poi
nano .env
STAMP DEL SERVER SSO 7
RIMUOVI Il cancelletto (uncomment) dei valori
inserisci i valori (tra le ' )
Google ID è CLiENT ID
CLIENT SECRET
DOmani è URI
CRTL X per salvare
Y per dare ok per confermare modifiche
dai invio
Uncomment (remove the # ) the Google-related rows:
Insert the required values with those generated in the Google Configuration:
GOOGLE ID='CLIENT ID'
GOOGLE SECRET= 'CLIENT SECRET'
DOMAIN: 'REDIRECT URI'
Press CRTL+X
Press Y to save changes
Press Enter
Re-initialize the Xcally Motion V3 application for the variables changes to take effect, using the following commands:
npm run initialize
Note |
---|
questo comando riavvia i serivizi di motion Remember that this command restart Motion Services! |
Make sure that services are up by running
pm2 list
Motion server configuration
edit the file /var/opt/motion2/server/config/environment/production.js
and replace the following rows:
Code Block | ||
---|---|---|
| ||
google: {
clientID: process.env.GOOGLE_ID || 'id',
clientSecret: process.env.GOOGLE_SECRET || 'secret',
callbackURL: (process.env.DOMAIN || 'https://YOUR_MOTION_IP') + '/api/auth/google/callback'
} |
with the Google application ID, example:
Code Block | ||
---|---|---|
| ||
google: {
clientID: process.env.GOOGLE_ID || '1234567890-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com',
clientSecret: process.env.GOOGLE_SECRET || 'abc-123456abcdefghijklmn',
callbackURL: (process.env.DOMAIN || 'https://pbx2.xcally.com') + '/api/auth/google/callback'
} |
restart the motion service to apply the change
Code Block |
---|
su motion
pm2 restart motion2 |
the command:
pm2 list
The Google SSO is ready to be used!