Please rate how useful you found this document: 
No votes yet

Plugin Version: 1.0.0


Overview

The Google Authentication plugin allows customers who use G Suite to log in to ProcessMaker Enterprise 3.3.0 and later using their Google credentials.

Requirements

The following are requirements for the Google Authentication plugin:

  • The Google Authentication plugin works with ProcessMaker Enterprise edition, version 3.3.0 and later.
  • Your organization must be a G Suite subscriber.
  • You must have Google OAuth 2.0 credentials. This includes the Google OAuth Client ID and Google OAuth Client Secret. To create Google OAuth 2.0 credentials, see Google's OAuth2 Authentication guide.

Installation

Refer to the following sections to install the Google Authentication plugin:

Install the Plugin

Log in with a user, such as "admin," who has the PM_SETUP_ADVANCE permission in their role, and then go to ADMIN > Plugins > Enterprise Manager. In the next graphic, do one of the following:

  • Install the Google Authentication plugin by clicking on Install from File and uploading the plugin file.
  • Click on the Google Authentication plugin's Install Now button in the list of available plugins.

Enable the Plugin

After installing the plugin, make sure that the Google Authentication plugin is enabled  . If the plugin is not enabled, click the Enable button, as shown in the graphic below.

Configuration

After the Google Authentication plugin is installed, refer to the following sections regarding configuration:

Google Authentication Configuration

After the Google Authentication plugin is installed and enabled, an IT administrator must configure the plugin to integrate with Google authentication. After the plugin is integrated, Google authentication is enabled across the ProcessMaker application.

Ensure to have the Google OAuth Client ID and OAuth Client Secret prior to integrating the plugin with Google authentication.

Note: Before you make these configurations, in the library of the Google Developers Console be sure to enable the G Suite Administration. Furthermore, enable the Google+ API, and Admin SDK services.

   

Follow these steps to integrate the plugin with Google authentication:

  1. Log in to ProcessMaker using administrator credentials.

  2. Go to Admin > Users > Google Auth. The Authentication Configuration tab displays.

  3. Select the Enable Google Authentication for this workspace? check box. When selected, the ProcessMaker log in page displays a Sign in with Google and will use the configuration provided on the other fields for authentication.

  4. Select Attempt to automatically login with Google to skip the log in page and redirect the user to the ProcessMaker landing page.

  5. Enter your Google OAuth Client ID in the Google OAuth Client ID field.

  6. Enter your Google OAuth Client Secret in the Google OAuth Client Secret field.

  7. Enter your Google domain in the Google Domain field. As administrator of G Suit you need to define the domain where you synchronize groups and users in your Google configuration.

  8. Click Update Configuration. The message Configuration Updated displays at the top of the screen to confirm the settings are saved.

User Provisioning

After configuring the plugin to integrate with Google authentication, specify which users within the organization can be authenticated through Google (also known as user provisioning).

As an administrator, you can import some or all of your organizational users into the plugin so that users you specify can log in to ProcessMaker via their Google credentials.

Furthermore, if you update your users' credentials in G Suite, the Google Authentication plugin will automatically synchronize those changes for ProcessMaker.

Follow these steps to integrate the plugin with Google authentication:

  1. Log in to ProcessMaker using administrator credentials.

  2. Go to Admin > Users > Google Auth. The Authentication Configuration tab displays.

  3. Click the User Provisioning tab. The Connect G Suite displays.

  4. Click the Connect G Suite button to automatically connect with Google using your Google OAuth credentials configured in the Authentication Configuration tab. The screen displays to which domain the plugin is connected.

    If you are connected to the incorrect domain or want to connect another domain, click the Disconnect link. Then configure the Authentication Configuration tab. In the following window, click Disconnect to confirm disconnection.

    The Workspace Disconnected message displays at the top of the screen.

  5. Follow these guidelines to specify which users can use their Google credentials to log in to ProcessMaker:

    • Select the Sync all Users option to allow all users to log in to ProcessMaker with their Google credentials.

    • Select the Select specific groups option to specify which group(s) of users can be synchronized to log in to ProcessMaker with their Google credentials. Then, select at least one group of users. Ensure that all selected user groups have at least one user in them.

      Click the Refresh List link to refresh the list of user groups if you make changes to your groups. The Success Refreshing message displays at the top of the screen.

      Note: User groups not specified must log in using their ProcessMaker credentials.

  6. Click Sync Now. The Sync users has been completed successfully message displays at the top of the screen. The message displays how many users have been imported.

Note: Click G Suite documentation to know more about G Suite.

The plugin synchronizes with G Suite user email accounts in ProcessMaker. If there are new users in G Suite, the plugin creates new ProcessMaker users. If the user already exists in ProcessMaker, the plugin updates their authentication method (first name and last name).

Note: Please take into consideration that if you have authenticated your users in a different manner, such as LDAP Advance, those settings will be replaced with the Google Authentication source for each user synchronized.

The following error displays in these conditions:

  • Synchronization error: If a synchronization error occurs, the following message displays: Error message. Verify the authentication configuration, and then click the Sync Now button again.
  • No user group selected: If a user group is not selected when the Select specific groups option is selected, then the following message displays: Error message. Select at least one user group, and then click the Sync Now button again.
  • Empty user group: If a selected user group has no members, then the following message displays: Error message. Add at least one user to that user group, or deselect that user group from using Google credentials to log in to ProcessMaker. Then, click the Sync Now button again.

Log In Using Google Authentication Plugin

After the Google Authentication plugin is configured, refer to Log In Via Google Authentication for information how to log in using this plugin.