Google Workspace SSO (Single Sign On)
Purpose: Provide single sign on for LegalServer users whose email address matches a Google Workspace address.
Instead of entering a username and password in LS, users can click an SSO link to login to LS based on their Google Workspace credentials.
Cost: $900 one-time setup fee. File a ticket from your site (Help menu > Support Request) to start the process of getting this module. There is currently no monthly fee for Google Workspace SSO.
The instructions below for obtaining the information needed from Google Workspace are based on the menus and screens at the time they were written. Google may have changed these, so the exact steps you need to take will not necessarily match the example given.
Admin Setup in LegalServer
SSO is enabled and configured on the Admin -> Single Sign On page.
Click the Edit link in the upper right to set or change the Client ID and Client Secret you obtained from Google Workspace.
These are example instructions. Google can and does change the look, layout, and links.
Setting up Single-Sign On with OpenID Connect for Google Workspace
If you don’t have a project, create one.
- Click the Create Project button.
- Click Create on the next screen.
- Give the project a name and location.
- If the only option is “No Organizationâ€, you need to create a Cloud Organization. https://cloud.google.com/resource-manager/docs/creating-managing-organization
Select your project from the top menu.
You may have to navigate around the modal that pops up to find your project. It should belong to your cloud organization.
Click on the key icon in the left menu (It should have the label “Credentials†when your mouse hovers over it).
Click Create Credentials, and select an appropriate option from the menu.
In most cases (including SSO), an OAuth client ID is sufficient. However, for some integrations (e.g. the Google Calendar integration), you may need to create a service account key. Keep this in mind if you have future Google Workspace integrations planned, but for now, OAuth client ID is all you need, so select that.
If you need to configure your consent screen, go ahead and do that.
You want to select Web application as the type.
Make sure you add https://aws-auth.legalserver.org/sso as a Redirect URL.
On the last page, you’ll be given a Client ID and Client Secret, which is needed to configure SSO. This is the information you need to enter in LegalServer in order to enable Single Sign On.