These instructions only apply if you have a standalone installation of Orchestrator. If you are using Orchestrator in Automation Suite, follow the Automation Suite instructions instead.
Prior to enabling Google SSO, you must create authorization credentials for Orchestrator from the Google Console.
- Integrate Google Sign-In and create an OAuth client ID as follows:
For the Authorized redirect URI, add the Orchestrator URL, plus the suffix
/identity/google-signin. For example,
- Save the Client ID and Client Secret. You'll use them later when you enable Google SSO from the Management portal.
Now you must configure Google as an external identity provider in Orchestrator.
- Log in to the Management portal as a system administrator.
- Go to Users and select the Authentication Settings tab.
- In the External Providers section, click Configure under Google.
- Select the Enabled checkbox.
- If you want to only allow logging in to Orchestrator via Google SSO, select the Force automatic login using this provider checkbox.
- In the Display Name field, type the label you want to appear under the Google authentication button on the Login page.
- In the Client ID field, paste the value obtained from the Google Console.
- In the Client Secret field, paste the value obtained from the Google Console.
- Click Test and Save to save the changes to the external identity provider settings.
- Restart the IIS site. This is required after making any changes to External Providers.
Now that Orchestrator is integrated with Google Sign-In, user accounts that have a valid Google email address can use the Google SSO option on the Login page to sign in to Orchestrator.
Each organization administrator must do this for their organization/tenant if they want to allow login with Google SSO.
- Log in to Orchestrator as an administrator.
- Add local user accounts, each with a valid Google email address.
Updated 5 months ago