This section includes instructions on how to register ZEN Master as an SSO app on GCP and configure the connection between ZEN Master and GCP. To complete this process, you need to log in as an Admin on both the GCP side and the ZEN Master side. It is, therefore, recommended to have both open in parallel.
To setup ZEN Master GCP SSO:
On the GCP home page, click APIs & Services > Credentials.
Click + Create Credentials.
From the options shown, click OAuth client ID.
| Info |
|---|
If this is your first time creating an OAuth client ID, you will need to configure your OAuth consent screen. For more information, see Setting up Oauth 2.0. |
4. In the Application type field, select Web application.
5. In the Name field, enter a name for the SSO app. (This name is only used to identify the client in the console, and will not be shown to end users.) For example, "ZEN Master".
6. In the ZEN Master UI, go to Account Management > Single Sign-On.
7. Click +Add.
The Create New Single Sign-On screen opens.
8. Copy the Callback URL to your clipboard.
9. In GCP, in the Authorized redirect URIs section on the Create OAuth client ID screen, click + ADD URI.
10. Paste the Callback URL in the field that is displayed.
11. Click Create.
The OAuth client is created, and a window with your client ID and client secret opens.
12. Click the Your Client ID copy button.
13. In ZEN Master, paste the Client ID in the Client ID field.
14. Back in GCP, copy the Client Secret, and paste it in the Client Secret field in ZEN Master.
15. In ZEN Master, in the Name field, enter a name for this SSO connection, for example GCP SSO. This is the name that will be displayed on the GCP button in the ZEN Master Sign In portal.
16. In the Authorization URL field, enter the Authorization URL, for example: https://accounts.google.com/o/oauth2/auth.
17. In the Token URL field, enter the Token URL, for example: https://oauth2.googleapis.com/token.
18. If you want to manually register GCP users to ZEN Master (see Pre-registering users in ZEN Master section) before granting access, select the Allow pre-registered users only checkbox. The registration is simple and only involves entering the user's email.
19. In ZEN Master, click Save. GCP SSO is added to the list of SSO profiles. GCP users will be able to connect to ZEN Master by selecting the newly created SSO option under Sign In With. During the first connection you may be required to provide permission to connect through GCP to ZEN Master. As an administrator, you can select Consent on behalf of your organization option, which will not require additional consent by the other users.
However, if you have selected the Allow pre-registered users only option you will need to manually pre-register the users by following the instructions below.