Single Sign-On (SSO) with Google Workspace

General documentation regarding SSO can be found here: Single Sign-On (SSO)

Prerequisites

• Access to integration settings in Eletive
• Appropriate access rights in Google Workspace 
• Created a project in Google Cloud Console

Configuration steps

In Google

1. When in the Google Cloud Console, start by navigating to "API & Services" and "Credentials".  
2. Click on "Create Credentials"
   • Select "OAuth client ID"
   • For "Application type", select "Web application"
   • For "Name" type an appropriate name e.g. "Eletive SSO"
   • For "Authorized JavaScript origins", press "ADD URI" and provide "https://app.eletive.com"
   • For "Authorized redirect URIs", press "ADD URI" and provide "https://app.eletive.com/signin/openid"
   • Press "Create"
3. A pop up will show that the OAuth client has been created. In this pop-up your Client ID and Client Secret is shown. You'll be providing the Client ID in Eletive, make sure to store these safely. 

In Eletive

1. Navigate to Settings / Features in the left side bar, enable feature "Single Sign-On".

2. Now navigate to Settings / Integrations, click on "Single Sign-On"

3. In the "Choose provider" dropdown, select "Other, (OpenID)"
   
   • Well Known URL is: https://accounts.google.com/.well-known/openid-configuration
   • Copy and paste "Client ID" from Google
4. Email field (optional field): it is possible to specify which field the id_token to use for authentication. Note that emails for Eletive users need to match email in the id_token field. 
5. Restrict Single Sign-On domains: it is possible to restrict Single Sing-On to specfic domains or include all domains. Specific domains can be included or excluded depending on the use case.
   • Enter the domain name without @ sign, for example: entergmail.com and NOT @gmail.com
6. Press "Connect"
7. Test it by opening an incognito browser window and try to sign in to Eletive. This time Google should be used for authentication, by being redirected to an Google authentication window.