SSO - Google
This document provides instructions on how to configure Google SSO integration to F5® Distributed Cloud Services for your enterprise account. For an overview of F5® Distributed Cloud Console, see About.
Note: SSO setup requires you to be of the tenant owner type user. Navigate to Users. Select on the Show/hide column, select the Type field, and select Apply to display the Type column. For the tenant owner, the Tenant Owner and others, it displays
The following prerequisites apply:
- A valid Enterprise account.
- Note: If you do not have an account, see Create an Account.
- Google Cloud Account with Admin Access
- Note: This can be an existing G-Suite account.
Step 1: Create a project in the Google Developer Console.
Log into Google Developer Console with your administrator access.
Enter a project
project ID using the EDIT button as per your preference.
Step 2: Start OAuth consent settings.
menu icon to right of Google Cloud Platform in upper-left corner.
APIs & Services in pop-out menu.
OAuth consent screen.
Step 3: Fill in OAuth consent screen details.
Step 4: Create OAuth credentials.
OAuth client ID under
OAuth client ID and
Authorized redirect URIs field as blank; this can be provided once the URI is obtained from F5 Distributed Cloud Console SSO Portal.
Step 5: Copy the generated credentials.
Once the credentials are created, a Client ID and a Client Secret are generated; both are required to set up SSO. Copy them so that they can be provided in F5® Distributed Cloud Console.
Step 6: Start SSO setup in the F5 Distributed Cloud Console.
Features can be viewed and managed in multiple services.
This example shows SSO setup in
F5 Distributed Cloud Console homepage, select
Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings:
Edit work domain & skills button > Advanced box > check Work Domain boxes >
Namespace feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.
Tenant Settings in left column menu > select
Note: If options are not showing available select Advanced nav options visible Show link in bottom left corner. Select Hide to minimize options from Advanced nav options mode if needed.
Set up SSO button.
Please choose a service Provider in pop-up window.
Step 7: Set the OAuth credentials and hosted domain.
Default Scopes: OpenID Connect (OIDC) introduces the concept of "scopes" from OAuth 2.0. A scope is a way to limit the amount of information and access given to an application. When a client application wants to access resources on behalf of a user, it requests specific scopes. These scopes inform the user of the type of access the application is requesting during the authorization process.
F5 Distributed Cloud recommends default scopes of openid profile email NOT openidprofileemail.
Note: Multiple scope values are entered as a space-delimited list, because that is the OIDC standard specification by IETF, although we do handle automatic validation/modification.
Client Secret obtained from previous steps.
default scopes: openid profile email.
Multiple scope values are used by creating a Space Delimited during SSO setup in F5 console.
Note: Any entered value will be combined with preset value: openid profile email NOT openidprofileemail. Input spaces between words to include multiple scope values. To avoid additional steps with form Update Account Information, confirm
Note: This example uses ves.io as the domain.
Hosted Domain is the domain where your accounts are hosted and only accounts of that domain are listed. You can also enter * for this field to use any hosted account.
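How the Step 7 values take part in an OIDC sign-in with Google, as an added illustration that is not F5's or Google's code: entered scopes are merged with the preset into one space-delimited string, and the hosted domain is enforced by checking the `hd` claim of the ID token. The client ID, redirect URI, state and nonce values are constructed, and reading `*` as "any account that carries an `hd` claim" is an assumption.

```python
from urllib.parse import urlencode

PRESET_SCOPES = ("openid", "profile", "email")  # preset value named on the page
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def is_fused(value):
    """True for values such as 'openidprofileemail' (preset names run together)."""
    parts = 0
    while value:
        match = next((s for s in PRESET_SCOPES if value.startswith(s)), None)
        if match is None:
            return False
        value, parts = value[len(match):], parts + 1
    return parts > 1


def merge_scopes(entered):
    """Combine entered values with the preset into one space-delimited string."""
    merged = list(PRESET_SCOPES)
    for value in entered.split():
        if is_fused(value):
            raise ValueError(f"scope {value!r} is missing spaces")
        if value not in merged:
            merged.append(value)
    return " ".join(merged)


def build_auth_url(client_id, redirect_uri, entered_scopes, hosted_domain, state, nonce):
    """Authorization request a relying party sends to Google (code flow)."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": merge_scopes(entered_scopes),
              "hd": hosted_domain,  # UI hint only, not an access control
              "state": state, "nonce": nonce}
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params)


def hosted_domain_allowed(claims, hosted_domain):
    """Check the 'hd' claim of an ID token whose signature is already verified."""
    hd = claims.get("hd") or ""
    if hosted_domain == "*":  # assumption: any hosted account, i.e. any hd claim
        return bool(hd)
    return hd.lower() == hosted_domain.lower()


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    print(build_auth_url("example-client-id", "https://sso.example.invalid/callback",
                         "", "ves.io", "state-123", "nonce-456"))
    print(hosted_domain_allowed({"email": "user@gmail.com"}, "ves.io"))
```
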
Step 8: Copy the redirect URL.
- Copy the displayed
Note: This is used in OAuth client configuration in later steps.
Step 9: Add authorized domain in the Google Developer Console for your OAuth settings.
Log back into the Google Developer Console.
API & Services section.
Authorized domains > add f5.com as the domain.
Step 10: Add the redirect URL in the credentials page.
Edit the OAuth 2.0 Client ID to add authorized redirect URI (obtained in Step 8).
Step 11: Log out of the F5 Distributed Cloud Console. The subsequent logins get serviced through Google.
Log out of the F5® Distributed Cloud Console.
Note: The subsequent logins get serviced through Google.