How to set up Gmail account SSO for OAuth2
The administration platform allows you to use the Google account for OAuth2 authentication. The corresponding procedure is detailed in this document.
A public URL that can be accessed from the web is required for update 9 of the web server to enable creating Google credentials. For example, the URL is: http://www.my_server.com.
A Google account is required to administer the service. To set up an account, use the following link: https://accounts.google.com/SignUp?continue=https%3A%2F%2Faccounts.google.com%2FManageAccount
For example, the account used is: my_admin_account@gmail.com.
A name must be chosen which will be used as service name. This name must start with a letter (A-Z or a-z) followed by letters (A-Z or a-z), digits and underscores. In the following example, the name MyOauth2 is used.
oauth2 must be mentioned as a valid authentication method in nodelocal.js.
This operation is done by a Gmail user who will administer the authentication service from the Google page: https://console.developers.google.com. If you do not want to use your own account, you can create an administrative user in a preliminary step.
You have to authenticate with the corresponding Google account, and then you can create a project. In the example below, the project name is SageERPX3.
In this project, you must create credentials under the APIs & auth section in the list on the left.
By using the Create a new Client ID option, the following page appears where you must define the following:
When you click Create Client ID, the page appears as follows:
It includes:
* A client ID
* A client secret
* The previously entered URL
This page defines the authentication service that will be used by the update 9 web server.
When you connect as my_admin_account@gmail.com on the following URL: https://security.google.com/settings/security/permissions, you will find the access right for this user to the basic account information as shown in the following screen:
This step is done by using the Oauth2 service definition. A dedicated record must be created with the following information as defined in the screen above:
/auth/oauth2/NAME/loginCallback segment (where NAME is the service name).
For every user who needs to get connected to Sage X3 People, you have to:
* Assign Oauth2 as the authentication method.
* Select the right Oauth2 service that has been defined.
* Set the Gmail address used for authentication in the Email field.
If you return to the Oauth2 setup definition, you will notice that the users using this authentication method are now listed.
The login screen contains buttons for different authentication methods. The user must click on the button which shows the name of the service (as defined in the prerequisites above) IN CAPITAL LETTERS. There may be several buttons below the headline "External Accounts". Example:
A direct link can also be typed and set in your browser favorites: http://www.my_server.com/auth/oauth2/MyOauth2/loginStart
When this is done, you are redirected to the Google site to authenticate on your Google account if this has not already been done. Any email address for a user defined as using this authentication mode will be accepted if the password is correct. The page appears as follows:
The first time you log in with Google, Google asks whether the Sage X3 People application may access the email address of that Google account. If you answer yes, you are able to log in. The Sage X3 People application is then listed in the settings of that Google account, and this question is not asked again until you decide to revoke it. The screen of a normal user having access to several applications looks like this one:
Note that you need to log in with Google only once until you log out of Google or delete the browser cookies. Therefore, the Google login screen may not appear next time.
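The following pre-flight check is an added example, not part of the original procedure or of the product's code. It validates a service name against the naming rule above and derives the loginCallback URL, the loginStart link and the login button label from the public URL. The function name planOauth2Service and its return fields are hypothetical, and it assumes both paths are appended directly to the public URL.

```javascript
// Added example: pre-flight check for the values this page asks you to choose.
// Rule from the page: the name starts with a letter, then letters, digits, underscores.
const NAME_RULE = /^[A-Za-z][A-Za-z0-9_]*$/;

function planOauth2Service(publicUrl, serviceName) { // hypothetical helper
  const problems = [];
  const warnings = [];
  if (!NAME_RULE.test(serviceName)) {
    problems.push(`service name "${serviceName}" must start with a letter and contain only letters, digits and underscores`);
  }
  let base = null;
  try {
    base = new URL(publicUrl);
  } catch (e) {
    problems.push(`public URL "${publicUrl}" is not a valid absolute URL`);
  }
  if (base) {
    if (base.protocol !== "http:" && base.protocol !== "https:") {
      problems.push(`unsupported scheme ${base.protocol}`);
    } else if (base.protocol === "http:") {
      warnings.push("plain HTTP: the response sent to the callback is not protected in transit");
    }
    if (base.search || base.hash) problems.push("public URL must not carry a query string or fragment");
    if (base.username || base.password) problems.push("public URL must not embed credentials");
  }
  if (problems.length) return { ok: false, problems, warnings };

  // Strip trailing slashes so the derived paths never contain "//".
  const root = base.origin + base.pathname.replace(/\/+$/, "");
  const prefix = `${root}/auth/oauth2/${serviceName}`; // assumption: paths hang off the public URL
  return {
    ok: true, problems, warnings,
    redirectUri: `${prefix}/loginCallback`,  // URL ending in the loginCallback segment
    loginStart: `${prefix}/loginStart`,      // direct link for browser favorites
    buttonLabel: serviceName.toUpperCase(),  // login button shows the name in capitals
  };
}

// Constructed sample values, taken from the page's own example.
console.log(planOauth2Service("http://www.my_server.com", "MyOauth2"));
```

Google compares the registered redirect URL as an exact string, so a trailing slash or a differently cased service name in the Client ID definition is enough to make the callback fail.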