Add Google login
# Add Google login
You can add Google login to your applications using Asgardeo and enable users to log in with their Google account.
Follow this guide for instructions.
# Register Asgardeo on Google
You need to register Asgardeo as an OAuth2.0 application on Google.
You can follow the Google documentation (opens new window) for detailed instructions.
Go to the Google Developer console (opens new window), create a new project or select an existing project.
If the APIs & services page isn't already open, do the following:
Open the navigation menu and click View all products.
Under Management, click APIs & Services.
Configure your consent screen, if you haven't done so, by clicking OAuth consent screen.
For more information, see User Consent (opens new window)
Go to the Credentials page, click Create Credentials, and select OAuth client ID.
Select the Web application as the application type.
Provide a name for your app and the following URL as the Authorized Redirect URI of the application:
Take note of the client ID and client secret generated for the application.
# Register the Google IdP
Now, let's register the Google IdP in Asgardeo.
On the Asgardeo Console, go to Connections.
Click New Connections and select Google.
Enter the following details of the Google identity provider and click Finish:
Parameter Description Name A unique name for this Google identity provider. Client ID The client ID obtained from Google. Client secret The client secret obtained from Google.
Claim syncing for JIT-provisioned users
When a user with a local Asgardeo account uses the same email address to log in through an external identity provider, Asgardeo syncs the claims from the JIT-provisioned user account and the local account.
According to the default behavior of Asgardeo, when JIT user provisioning is enabled, the user claims of the local user account are overridden by the user claims received from the external identity provider.
You can use Asgardeo's identity provider APIs to configure claim syncing between the external identity provider and the local user accounts. This gives you the flexibility to customize the claim syncing behavior according to your specific requirements.
After the Google identity provider is created, go to the Settings tab and see the list of scopes to which Google has granted permissions.
- email: Allows to view the user's email address.
- openid: Allows authentication using OpenID Connect and to obtain the ID token.
- profile: Allows to view the user's basic profile data.
Asgardeo needs these scopes to get user information. Asgardeo checks the attribute configurations of the application and sends the relevant attributes received from Google to the app. You can read the Google documentation (opens new window) to learn more.
# Enable Google login
Follow the steps below to enable Google as a sign-in method for your application.
Before you begin
On the Asgardeo Console, go to Applications.
Select your application, go to its Sign-in Method tab and add Google login from your preferred editor:
Asgardeo recommends adding your social and enterprise connections to the first authentication step as they are used for identifying the user.
Using the Classic Editor
To add Google login using the classic editor:
If you haven't already defined a sign-in flow, click Start with Default configuration to get started.
Click Add Authentication on the step, select your Google identity provider, and click Add.
Using the Visual Editor
To add Google login using the Visual Editor:
Switch to the Visual Editor tab, by default the
Username & Passwordlogin flow will be added onto the Visual Editor's workspace.
+ Add Sign In Optionto add a new authenticator to the same step and select your Google connection.
Click Update to save the configurations.
# Try it out
Follow the steps given below
Access the application URL.
Click Login to open the Asgardeo login page.
On the Asgardeo login page, Sign in with Google.
Log in to Google with an existing user account.
When a user successfully logs in with Google for the first time, a user account is created in the Asgardeo Console with the Google username. This new user account will be managed by Google.
# Enable Google One Tap
Google One Tap allows users to login to an application with a single click using their existing Google credentials. Since users can sign in with Google without being taken away from the context of the application, it allows for a more simple and a seamless login experience.
# Configure Google One Tap
You can enable Google One Tap for your application by following the steps below.
On the Google Developer Console,
Follow the above guide to register Asgardeo on Google as a web application.
Click Save to update the changes.
On the Asgardeo Console,
Follow the above guide to Register the Google IdP.
Go to Connections, and select your created Google connection.
Go to its Settings tab and enable Google One Tap.
Click Update to save the changes.
In your application, follow the guide above to enable login with Google.
Google One Tap prompt appears for Chrome and Firefox browsers across Android, iOS, Linux and Windows 10. Safari and Edge users will not see the prompt.
# Try out Google One Tap
Once you configure Google One Tap for your application, access the application from a browser with an existing Google session. Your Asgardeo login page will look as follows.
Click Continue as <user> and the user will be logged in to the application with the existing Google session.
# Map groups with Asgardeo
Follow the steps below to map the groups attribute of your connection with Asgardeo:
- On the Asgardeo Console, go to Connections.
- Select your connection and go to the Groups tab.
Note that the Groups tab is only available for enterprise and social login connections.
- Enter the name of the connection's group attribute you wish to map to the group attribute of Asgardeo.
- Click Update.
- Click + New Group and enter the group name. Ensure that the name matches the configuration in the federated connection.
- Click Finish to add the group information.
# Delete a connection
Before you begin
If your connection has applications associated with it, you will not be able to delete the connection.
Before deleting such connections:
- Check the associated applications from the Connected Apps tab of the connection.
- Click on an application that uses the connection and you will be redirected to the Sign-in Method tab of the respective application.
- Remove the connection from the sign-in flow of the associated applications.
- Repeat steps 2 and 3 for all listed applications.
- Proceed to delete the connection.
To delete a connection that does not have any applications using it:
On the Asgardeo Console, go to Connections.
Click Set up and navigate to the General tab.
At the bottom of the page, click the button in the Delete connection.
You cannot delete connections that are available by default.
Select the checkbox and confirm your action.