SSO - Google

Objective

This document provides instructions on how to configure Google SSO integration to F5® Distributed Cloud Services for your enterprise account. For an overview of F5® Distributed Cloud Console, see About.

Note: SSO setup requires you to be of the tenant owner type user. Navigate to General > IAM > Users. Select on the Show/hide column, select the Type field, and select Apply to display the Type column. For the tenant owner, the Type column displays Tenant Owner and others, it displays User.


Prerequisites

The following prerequisites apply:

  • Google Cloud Account with Admin Access
  • Note: This can be an existing G-Suite account.

Configuration Steps

Step 1: Create a project in the Google Developer Console.

GOOGLECP 1
Figure: GCP IAM and Admin View

  • Enter a project name.

  • Set a project ID using the EDIT button as per your preference.

  • Select Create.

GCP2
Figure: Create a new project

Step 2: Start OAuth consent settings.
  • Select - menu icon to right of Google Cloud Platform in upper-left corner.

  • Select APIs & Services in pop-out menu.

  • Select OAuth consent screen.

  • Select Internal.

  • Select Create button.

GCP APIMENU3
Figure: API Credentials

Step 3: Fill in OAuth consent screen details.
Step 4: Create OAuth credentials.
  • Open Credentials tab.

  • Select OAuth client ID under Create credentials button.

  • Create OAuth client ID and client secret.

GCP CRED4
Figure: Credentials Tab

Note: Leave Authorized redirect URIs field as blank, this can be provided once the URI is obtained from F5® Distributed Cloud Console SSO Portal.

Step 5: Copy the generated credentials.

Once credentials are created a Client ID and Client Secret are generated which are required to set SSO. Copy the same to be provided in F5® Distributed Cloud Console.

Step 6: Start SSO setup in the F5® Distributed Cloud Console.

Features can be viewed, and managed in multiple services.

This example shows SSO setup in Administration.

  • Open F5® Distributed Cloud Console homepage, select Administration box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

NEW HOME PAGE C
Figure: Homepage

Note: Confirm Namespace feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.

  • Select Tenant Settings in left column menu > select Tenant Options.

Note: If options are not showing available select Advanced nav options visible Show link in bottom left corner. Select Hide to minimize options from Advanced nav options mode if needed.

  • Select Set up SSO button.

SSO 1
Figure: SSO

  • Select Google in Please choose a service Provider in pop-up window.

  • Select Continue button.

Step 7: Set the OAuth credentials and hosted domain.
  • Provide Client ID and Client Secret obtained from step 5.

  • Enter domain in Hosted Domain box.

  • Select Continue.

Note: This example uses ves.io as the domain.

SSOSETUP GOOGLE
Figure: Client ID and Client Secret

Note: The Hosted Domain is the domain where your accounts are hosted and only accounts of that domain are listed. You can also enter * for this field to use any hosted account.

Step 8: Copy the redirect URL.
  • Copy the displayed Redirect URL.

Note: This is used in OAuth client configuration in later steps.

  • Select Done.

SSO REDIRCTURL 3
Figure: Well Known URL

Step 9: Add authorized domain in the Google Developer Console for your OAuth settings.
  • Log back into the Google Developer Console.

  • Select API & Services section.

  • select on OAuth consent screen.

  • Select EDIT APP.

  • Under Authorized domains > add f5.com as the domain.

oauth add volt
Figure: Add Authorized Domain

Step 10: Add the redirect URL in the credentials page.
  • Select Credentials.

  • Edit the OAuth 2.0 Client ID to add authorized redirect URI (obtained in Step 8).

  • Select Save button.

image7
Figure: Configure Redirect URI

Step 11: Log out of the F5® Distributed Cloud Console. The subsequent logins get serviced through Google.

Log out of the F5® Distributed Cloud Console.

Note: The subsequent logins get serviced through Google.


Concepts


API References