Single Sign-On (SSO) with Google Workspace

This article outline how to configure Single Sign-On with Google Workspace.

General documentation regarding SSO can be found here: Single Sign-On (SSO)

Prerequisites

  • Access to integration settings in Eletive
  • Appropriate access rights in Google Workspace 
  • Created a project in Google Cloud Console

Also note the Internet Exploter should NOT be used, use a modern and secure browser (e.g. Chrome). 

In Google

  • When in the Google Cloud Console, start by navigating to "API & Services" and "Credentials".  
  • Click on "Create Credentials"
    • Select "OAuth client ID"
    • For "Application type", select "Web application"
    • For "Name" type an appropriate name e.g. "Eletive SSO"
    • For "Authorized JavaScript origins", press "ADD URI" and provide "https://app.eletive.com"
    • For "Authorized redirect URIs", press "ADD URI" and provide "https://app.eletive.com/signin/openid"
    • Press "Create"
  • A pop up will show that the OAuth client has been created. In this pop-up your Client ID and Client Secret is shown. You'll be providing the Client ID in Eletive, make sure to store these safely. 

In Eletive

  • Start by navigating to "Setting -> Integrations" in Eletive
  • Select "Single Sign-On"
    • If it is not present, it needs to be activated in the features panel
    • Navigate to "Settings ->Features" activate "Integrations" and "Single Sign-On". After this Integrations will be visible under "Settings"  
  • In the "Choose provider" dropdown, select "Other, (OpenID)"
    • Well Known URL is: https://accounts.google.com/.well-known/openid-configuration
    • Copy and paste "Client ID" from Google
  • Email field (optional field): it is possible to specify which field the id_token to use for authentication. Note that emails for Eletive users need to match email in the id_token field. 
  • Restrict Single Sign-On domains: it is possible to restrict Single Sing-On to specfic domains or include all domains. Specific domains can be included or excluded depending on the use case. 
  • Press "Connect"
  • Test it by opening an incognito browser window and try to sign in to Eletive. This time Google should be used for authentication, by being redirected to an Google authentication window. 

Tip: When testing, stay logged in to your Eletive account in a separate tab, this way you can simply remove or reconfigure the SSO connection if needed when testing.