Home‎ > ‎Other Modules‎ > ‎

GSuite SSO (Single Sign On)

Purpose: Provide single sign on for LegalServer users whose email address matches a GSuite address. Instead of entering a username and password in LS, users can click an SSO link to login to LS based on their GSuite credentials.

Cost: $900 one-time setup fee. File a ticket from your site (Help menu > Support Request) to start the process of getting this module.  There is currently no monthly fee for GSuite SSO.

The instructions below for obtaining the information needed from GSuite are based on the menus and screens at the time they were written. GSuite may have changed these, so the exact steps you need to take will not necessarily match the example given.



Admin Setup in LegalServer

SSO is enabled and configured on the Admin -> Single Sign On page.


Click the Edit link in the upper right to set or change the Client ID and Client Secret you obtained from GSuite.

Global SSO Enforcement, Client ID, Client Secret, Domain



These are example instructions. GSuite can and does change the look, layout, and links.

Setting up Single-Sign On with OpenID Connect for GSuite

( GSuite )


Go to https://console.developers.google.com


If you don’t have a project, create one.


  1. Click the Create Project button.

  2. Click Create on the next screen.

  3. Give the project a name and location.

    1. If the only option is “No Organization”, you need to create a Cloud Organization. https://cloud.google.com/resource-manager/docs/creating-managing-organization

Select your project from the top menu.


You may have to navigate around the modal that pops up to find your project. It should belong to your cloud organization.

.

Click on the key icon in the left menu (It should have the label “Credentials” when your mouse hovers over it).




.

Click Create Credentials, and select an appropriate option from the menu.

In most cases (including SSO), an OAuth client ID is sufficient. However, for some integrations (e.g. the Google Calendar integration), you may need to create a service account key. Keep this in mind if you have future GSuite integrations planned in the future, but for now, OAuth client ID is all you need, so select that.


If you need to configure your consent screen, go ahead and do that.


You’ll want to select Web application as the type.


Make sure you add https://aws-auth.legalserver.org/sso as a Redirect URL.


On the last page, you’ll be given a Client ID and Client Secret, which is needed to configure SSO. This is the information you need to provide LegalServer in order to enable Single Sign-On.