
Configure PlaceOS Auth Source for Google


Last updated 2 years ago

Prerequisites

  • PlaceOS Backoffice Administrator Access

  • client_id and secret obtained from Google.

Procedure

  1. In PlaceOS Backoffice navigate to the Domains tab.

  2. Select the domain you would like to add Google Authentication to.

  3. Click the Authentication Tab.

  4. Identify the OAuth Source previously created.

  5. Click the Edit Icon.

  6. Update missing fields per the list below.

Configuring fields

These fields are specific to the OAuth2 provider and tend to differ slightly between providers.

Details on how Google handles OAuth2 will be used to describe the following fields:

  • name: a friendly name for this authentication configuration

  • client_id: the id provided by the OAuth2 provider when you added a new application

  • client_secret: as above

  • site: the URL of the application requesting access (https://poc.placeos.com in the screenshot above)

  • scope: the scopes, space separated, for the APIs that are intended to be accessed

  • token_method: POST or GET; Google uses a POST to obtain a token

  • authentication_scheme: whether request params or the request body are used to obtain a token; Google uses the body

  • token_url: the URL to obtain a token from; Google's is https://oauth2.googleapis.com/token

  • authorize_url: this is the URL that initialises the OAuth2 request

  • user_profile_url: this is the URL we can use to test the OAuth2 token and obtain user details

  • info_mappings: this maps PlaceOS fields to User Profile fields

  • authorize_params: query params to pass along with the authorize URL

  • ensure_matching: authorization response fields that should match

Google Example

An example configuration that works with Google:

  • scope: profile email

    • https://www.googleapis.com/auth/admin.directory.user.readonly

    • https://www.googleapis.com/auth/admin.directory.group.readonly

    • https://www.googleapis.com/auth/userinfo.email

  • token method: POST

  • Auth Scheme: Request Body

  • Info Mappings: (PlaceOS -> Google)

    • email -> email

    • first_name -> given_name

    • last_name -> family_name

    • uid -> sub

    • image -> picture

    • access_token -> token

    • refresh_token -> refresh_token

    • expires -> expires

    • expires_at -> expires_at

  • Authorise Params

    • access_type -> offline (this will return a refresh token)

    • prompt -> consent (ensures we are always sent a new refresh token on login)

  • Ensure Matching

    • hd -> my.google.apps.domain (typically the domain after the @ in your login name)

The above stores a refresh token against each user for scoped directory access. A simpler version, if token-based access isn't required, could be:

  • Token URL: https://oauth2.googleapis.com/token

  • Authorize URL: https://accounts.google.com/o/oauth2/auth

  • User Profile URL: https://openidconnect.googleapis.com/v1/userinfo
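
How the Google Example settings fit together, as an added sketch that is not PlaceOS code: it builds the authorization request from authorize_url, scope and authorize_params, then applies ensure_matching and info_mappings to a user profile response. The client id, redirect URI, state value and sample profiles are constructed placeholders, and the way the check is enforced here is an assumption about behaviour, not the PlaceOS implementation.

```python
from urllib.parse import urlencode

# Settings taken from the Google Example on this page.
AUTHORIZE_URL = "https://accounts.google.com/o/oauth2/auth"
SCOPE = "profile email"
AUTHORIZE_PARAMS = {"access_type": "offline", "prompt": "consent"}
ENSURE_MATCHING = {"hd": "my.google.apps.domain"}
# PlaceOS field -> Google profile field (token fields omitted: they come
# from the token response, not the user profile).
INFO_MAPPINGS = {
    "email": "email", "first_name": "given_name",
    "last_name": "family_name", "uid": "sub", "image": "picture",
}

# Constructed sample profile responses (not real accounts).
PROFILE_OK = {"sub": "1001", "email": "ann@my.google.apps.domain",
              "given_name": "Ann", "family_name": "Lee",
              "picture": "https://example.com/a.png",
              "hd": "my.google.apps.domain"}
PROFILE_OTHER_DOMAIN = dict(PROFILE_OK, hd="other.example.com")
# Personal Google accounts carry no hd field at all.
PROFILE_PERSONAL = {k: v for k, v in PROFILE_OK.items() if k != "hd"}


def build_authorize_url(client_id, redirect_uri, state):
    """Standard OAuth2 code-flow parameters plus the page's authorize_params."""
    query = {"response_type": "code", "client_id": client_id,
             "redirect_uri": redirect_uri, "scope": SCOPE, "state": state}
    query.update(AUTHORIZE_PARAMS)
    return AUTHORIZE_URL + "?" + urlencode(query)


def map_profile(profile):
    """Reject profiles failing ensure_matching, then apply info_mappings."""
    for field, expected in ENSURE_MATCHING.items():
        # A missing field must fail the same way as a wrong value.
        if profile.get(field) != expected:
            raise PermissionError(f"{field} mismatch: {profile.get(field)!r}")
    return {place: profile.get(google)
            for place, google in INFO_MAPPINGS.items()}


if __name__ == "__main__":
    print(build_authorize_url("constructed-client-id",
                              "https://placeos.example.com/callback", "s1"))
    print(map_profile(PROFILE_OK))
```

Without the hd entry under Ensure Matching, any Google account that completes the consent screen would pass the mapping step, which is why the missing-field case is treated as a failure rather than skipped.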