SSO - Google
Objective
This document provides instructions on how to configure Google SSO integration to F5® Distributed Cloud Services for your enterprise account. For an overview of F5® Distributed Cloud Console, see About.
Note: SSO setup requires you to be of the
tenant owner
type user. Navigate toGeneral
>IAM
>Users
. Select on theShow/hide column
, select theType
field, and selectApply
to display theType
column. For the tenant owner, theType
column displaysTenant Owner
and others, it displaysUser
.
Prerequisites
The following prerequisites apply:
- A valid Enterprise account.
- Note: If you do not have an account, see Create an Account.
- Google Cloud Account with Admin Access
- Note: This can be an existing G-Suite account.
Configuration Steps
Step 1: Create a project in the Google Developer Console.
-
Log into Google Developer Console with your administrator access.
-
Select
Create Project
.
-
Enter a project
name
. -
Set a
project ID
using theEDIT
button as per your preference. -
Select
Create
.
Step 2: Start OAuth consent settings.
-
Select
-
menu icon to right ofGoogle Cloud Platform
in upper-left corner. -
Select
APIs & Services
in pop-out menu. -
Select
OAuth consent screen
. -
Select
Internal
. -
Select
Create
button.
Step 3: Fill in OAuth consent screen details.
Step 4: Create OAuth credentials.
-
Open
Credentials
tab. -
Select
OAuth client ID
underCreate credentials
button. -
Create
OAuth client ID
andclient secret
.
Note: Leave
Authorized redirect URIs
field as blank, this can be provided once the URI is obtained from F5 Distributed Cloud Console SSO Portal.
Step 5: Copy the generated credentials.
Once credentials are created a Client ID and Client Secret are generated which are required to set SSO. Copy the same to be provided in F5® Distributed Cloud Console.
Step 6: Start SSO setup in the F5 Distributed Cloud Console.
Features can be viewed, and managed in multiple services.
This example shows SSO
setup in Administration
.
- Open
F5 Distributed Cloud Console
homepage, selectAdministration
box.
Note: Homepage is role based, and your homepage may look different due to your role customization. Select
All Services
drop-down menu to discover all options. Customize Settings:Administration
>Personal Management
>My Account
>Edit work domain & skills
button >Advanced
box > checkWork Domain
boxes >Save changes
button.
Note: Confirm
Namespace
feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.
- Select
Tenant Settings
in left column menu > selectTenant Options
.
Note: If options are not showing available select
Advanced nav options visible
Show
link in bottom left corner. SelectHide
to minimize options from Advanced nav options mode if needed.
- Select
Set up SSO
button.
-
Select
Google
inPlease choose a service Provider
in pop-up window. -
Select
Continue
button.
Step 7: Set the OAuth credentials and hosted domain.
-
Provide
Client ID
andClient Secret
obtained from step 5. -
Enter
domain
inHosted Domain
box. -
Select
Continue
.
Note: This example uses
ves.io
as the domain.
Note: The
Hosted Domain
is the domain where your accounts are hosted and only accounts of that domain are listed. You can also enter*
for this field to use any hosted account.
Step 8: Copy the redirect URL.
- Copy the displayed
Redirect URL
.
Note: This is used in OAuth client configuration in later steps.
- Select
Done
.
Step 9: Add authorized domain in the Google Developer Console for your OAuth settings.
-
Log back into the Google Developer Console.
-
Select
API & Services
section. -
select on
OAuth consent
screen. -
Select
EDIT APP
. -
Under
Authorized domains
> addf5.com
as the domain.
Step 10: Add the redirect URL in the credentials page.
-
Select
Credentials
. -
Edit the OAuth 2.0 Client ID to add authorized redirect URI (obtained in Step 8).
-
Select
Save
button.
Step 11: Log out of the F5 Distributed Cloud Console. The subsequent logins get serviced through Google.
Log out of the F5® Distributed Cloud Console.
Note: The subsequent logins get serviced through Google.