How to Configure Google Authentication on Local Omada Controller
Objective
This article demonstrates how to configure Google Authentication on the Local Controller, including step-by-step Google Cloud OAuth API setup and integration for Google authentication.
Requirements
- Omada Software Controller
- Google OAuth API
Introduction
Omada Google Portal authentication integrates the Google OAuth API into the Portal of the Omada network management system, enabling users to conveniently and securely complete network authentication services using their Google accounts.
Prerequisites
- The Google authentication feature is based on the Google OAuth API. To meet the requirements of the Google OAuth API, when using Google authentication on the Local Controller, you need to have a domain name and a trusted certificate for that domain. Also, ensure that the DNS configuration can resolve the requests from web clients for that domain to the IP address of the Local Controller. For specific requirements of the domain name, please refer to the Google documentation: https://developers.google.cn/identity/protocols/oauth2/web-server#uri-validation
Configuration
Configuring Google OAuth API
Google authentication requires a Google OAuth API. If you haven't created one, follow the steps below to create and configure one.
Step 1. Please visit https://console.cloud.google.com/ to create a project for your Google authentication.
Step 2. After completing the project creation, access the APIs & Services section via the quick access or the sidebar.
Step 3. Enter and set up the OAuth consent screen.
Click GET STARTED.
Please fill in the required fields: App name, User support email, and then click NEXT.
Select Audience type as External and click Next.
Complete the contact information and click NEXT.
Select I agree to the Google API Services: User Data Policy and click CREATE.
Step 4. Go to the Data Access page and click ADD OR REMOVE SCOPES.
A scope defines which account information and operations users authorize the Controller to access. The scopes that need to be added are openid and userinfo.email. These two scopes are non-sensitive and are used by Google authentication to query Google for the user's unique identifier and email. The Controller will not retain this personal information. After that, click UPDATE (at the bottom of the page) to save the settings.
After updating scopes, don’t forget to save the settings.
Step 5. Create an OAuth client ID. In the sidebar, select APIs & Services > Credentials, and then choose OAuth client ID when creating credentials.
Select the application type as a Web application.
Fill in the Name, and in the "Authorized redirect URIs" field, enter the following URI: https://{Your domain name}:8843/portal/sociallogin/auth. The web client will use this URI to redirect back to the Controller after completing the login on Google to finish the subsequent authentication process.
After clicking Create, the Client ID and Client Secret will be displayed in a pop-up window.
You can also view them later by clicking on the corresponding entry in the client list. The Client ID and Client Secret are the credentials for your newly created Google OAuth API. The Controller will use them to perform Google authentication with your API.
Step 7. Go to the OAuth consent screen > Audience and click PUBLISH APP.
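A pre-flight check for the redirect URI entered in Step 5, as an added example that is not part of the original article or the Omada software: it tests a candidate URI against the article's format and a subset of the rules in the Google URI-validation documentation linked in the Prerequisites. The domain portal.example.com is a constructed placeholder, and the public-TLD rule is approximated by requiring a dot in the host.

```python
import ipaddress
from urllib.parse import urlsplit

PORTAL_PORT = 8843                        # port in the article's redirect URI
PORTAL_PATH = "/portal/sociallogin/auth"  # path in the article's redirect URI

def check_redirect_uri(uri: str, domain: str) -> list[str]:
    """Return a list of problems; an empty list means the URI passed."""
    problems = []
    if "*" in uri:
        problems.append("wildcards are not allowed")
    parts = urlsplit(uri)
    host = parts.hostname or ""           # urlsplit lowercases the host
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo (user:pass@) is not allowed")
    try:
        ipaddress.ip_address(host)
        problems.append("host must be a domain name, not an IP address")
    except ValueError:                    # not an IP literal: treat as a name
        if "." not in host:
            problems.append("host needs a public top-level domain")
        elif host != domain.lower():
            problems.append(f"host {host!r} does not match {domain!r}")
    try:
        port = parts.port
    except ValueError:                    # non-numeric or out-of-range port
        port = None
    if port != PORTAL_PORT:
        problems.append(f"port must be {PORTAL_PORT}")
    if parts.path != PORTAL_PATH:         # Google compares the URI exactly
        problems.append(f"path must be exactly {PORTAL_PATH}")
    if parts.query or parts.fragment or uri.endswith(("?", "#")):
        problems.append("query string and fragment must be empty")
    return problems

if __name__ == "__main__":
    domain = "portal.example.com"         # constructed placeholder domain
    for uri in (                          # constructed sample inputs
        "https://portal.example.com:8843/portal/sociallogin/auth",
        "https://192.168.0.2:8843/portal/sociallogin/auth",
        "http://portal.example.com:8843/portal/sociallogin/auth/",
    ):
        print(uri, "->", check_redirect_uri(uri, domain) or "OK")
```

Because the redirect URI sent during login must match the registered one exactly, a trailing slash or a missing port is reported as an error rather than normalized away.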
Configuring Google authentication in the Controller
Step 1. Select Google in the authentication type selection dropdown box on the Portal settings page. Then, in the Google authentication settings section below, fill in the Client ID and Client Secret of your Google OAuth API.
Step 2. Configure the HTTPS Certificate. You can configure the HTTPS certificate by following the link: How to Configure HTTPS Certificate to Avoid “Untrusted Certificate” Error - Business Community.
Step 3. Login testing and adding addresses exempt from authentication. Once the Google authentication configuration is done, use a terminal device to access the Portal page and test if the authentication process works.
Google login addresses vary by country and region. During the login test, you may face access issues. If so, note the inaccessible addresses via the browser's address bar or F12 devtools and add them to the exemption list.
After adding the address for authentication exemption, please conduct a login test again to verify that the login process can proceed normally.
Conclusion
This concludes the introduction to and configuration of Google Authentication; please configure it according to your needs.
To learn more about each function and configuration, please go to the Download Center to download the manual for your product.