Skip to main content
info
This documentation is for version v2.4 of the product.
For the latest version(v2.7) documentation click here
Version: v2.4 print this page

Google SSO

Amazon Cognito integrates with Google to enable existing Gmail and GSuite users to sign-on to Amorphic Data Cloud. This section explains how to register and set up your application with Google as an identity provider.

What is Single Sign-On?

Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. SSO works based upon a trust relationship set up between an application, known as the service provider, like Amorphic Data Cloud and an identity provider, like Google. This trust relationship is often based upon a certificate that is exchanged between the identity provider and the service provider. This certificate can be used to sign identity information that is being sent from the identity provider to the service provider so that the service provider knows it is coming from a trusted source.

Pre-requisites for Google Identity Provider

Before we proceed with the Google IDP setup, we need the following pre-requisites:

  1. Google Developers account -https://console.developers.google.com/
  2. Amazon AWS account
  3. A Cognito user pool with an application client and a user pool domain

Steps to register Amorphic app with Google

  • Create a Google API Console project
  • Get OAuth 2.0 client credentials

Create a Google API Console project

  1. Login to Google Developer console using this link. If there are no projects created within the console then you should see a webpage like below image. Click on the CREATE PROJECT

image

If there are existing projects within the console then you can click the projects dropdown menu on top-left corner and then click NEW PROJECT

image

  1. In the New Project page, enter a Project name. For Location, choose BROWSE, and then select an organization (if applicable). Choose CREATE.

image

Get OAuth 2.0 client credentials

  1. In the Google API Console, on the Credentials page, choose Create credentials, and then choose OAuth client ID.

image

  1. On the Create OAuth client ID page, for Application type, choose Web application.

  2. Enter OAuth client Name. This name is only used within the Google console to identify the client.

  3. For Authorized JavaScript origins, enter your Amazon Cognito domain. Amazon Cognito domain value can be found in AWS Management Console -> Services -> Cognito -> Manage User Pools -> select user pool -> Domain name (in left navigation pane):

    https://<yourDomainPrefix>.auth.<region>.amazoncognito.com
Note

Replace yourDomainPrefix and region with the values from your user pool.

image

  1. For Authorized redirect URIs, enter below URI:

    https://yourDomainPrefix.auth.region.amazoncognito.com/oauth2/idpresponse
Note

Replace yourDomainPrefix and region with the values from your user pool.

  1. Click CREATE and it will generate Client ID and Client Secret.

image

  1. In the OAuth client dialog, find the Client ID and Client Secret, and then note them for later. You'll need these when configuring Google in Amorphic application.

image