Overview

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.

Prerequisite

Below is the list of parameters that are required to be configured in order for the tenant to integrate Google Sign In.

Name	Sample Value	Description
Client ID	906946589628-idr2k5srkrl2uuq0n85uur28nv90nc6q.apps.googleusercontent.com	Client ID of the partners Google console account
Client Secret	7c4BEITQFtFZVtqhLnUN5wgN	Client Secret of the partners Google console account
Authorized Domains	gmail.com, gooru.org	List of domains that need to be authorized for this integration. Email addresses outside of these domains will not be able to access.

Gooru will configure SSO access and share client id and secret.

Google Auth

In order to use Google SSO, client application should initiate SSO request by calling GET endpoint as like (this is sample endpoint, it may change):

https://beta.gooru.org/api/nucleus-auth-idp/v1/google?redirectURL=https://beta.gooru.org

Gooru will then redirect the to the issuer / login URL based on the client id passed in the request. If a user is not already logged in at clients application, the login page will be displayed.

Based on the claims received, the user details are verified in Gooru and the user is authenticated. Upon successful authentication, they will be redirected to Gooru homepage.