# Google as Identity provider for Ability Platform

This article explains how to enable sign-in for users with a Google account by using custom policies in Azure AD B2C, and the configuration required in Principal Manager to use Google as an identity provider (not multi-tenancy).

# Configurations

# Google Account configuration

  1. Create a Google account and sign in to the account.

  2. Open Google Developer Console with the created account credentials.

  3. Create a New Project Name and click Create.

  4. Select Credentials in the menu, then select Create credentials -> OAuth client ID.

  5. Select Configure consent screen.

  6. Follow the steps below to generate the application:

    • Under Application type, select Web application.
    • Enter a Name for your application (e.g. Test Application).
    • Enter the values below, replacing tenant-name with the B2C tenant name:
    • Authorized JavaScript origins: https://tenant-name.b2clogin.com
    • Authorized redirect URIs: https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/oauth2/authresp

    Note: Use only lowercase letters in tenant-name, even if the tenant is defined with uppercase letters in Azure AD B2C.

  7. Click Create

  8. Copy the values of Client ID and Client secret

# Azure B2C configurations

  1. Go to Azure Portal -> B2C tenant.

  2. Go to Policies -> Identity Experience Framework Configuration -> Policy Keys

  3. Add B2C_1A_httpsaccountsgooglecomopenIdConnect with the configuration below:

    Options: Manual
    Name: httpsaccountsgooglecomopenIdConnect
    Secret: <Client Secret copied from google application> 
    

# Principal Manager configurations

# On-board Google identity provider to Ability Platform

Log in to the Admin Portal as Ability Admin to on-board the Google identity provider

or

Execute through the API: POST //identityProviders with the configuration below as the body

    {
      "displayName": "Google",
      "type": "openIdConnect",
      "configuration": {
        "openIdConnectUrl": "https://accounts.google.com/.well-known/openid-configuration",
        "multitenant": false,
        "clientId": "<Client ID copied from google application>",
        "user": {
          "id": "sub",
          "name": "name",
          "email": "email"
        },
        "groups": {
          "id": "groups"
        }
      }
    }
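
A pre-flight check for the values this procedure asks you to enter, as an added example (not code from the Ability Platform or its documentation). The function names, the tenant name `Contoso`, the sample client ID and the accepted tenant-name characters are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

PLACEHOLDER = re.compile(r"^<.*>$")  # template text such as "<Client ID copied ...>"

def google_oauth_uris(tenant_name):
    """Return (JavaScript origin, redirect URI) to register on the Google OAuth client."""
    tenant = tenant_name.strip().lower()  # the page requires lowercase tenant-name
    if not re.fullmatch(r"[a-z0-9-]+", tenant):  # assumed character set
        raise ValueError(f"unexpected tenant name: {tenant_name!r}")
    origin = f"https://{tenant}.b2clogin.com"
    return origin, f"{origin}/{tenant}.onmicrosoft.com/oauth2/authresp"

def check_idp_body(raw):
    """Return a list of problems found in an identityProviders request body."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    cfg = body.get("configuration") if isinstance(body, dict) else None
    if not isinstance(cfg, dict):
        return ["configuration object is missing"]
    problems = []
    url = urlsplit(str(cfg.get("openIdConnectUrl", "")))
    if url.scheme != "https" or not url.path.endswith("/.well-known/openid-configuration"):
        problems.append("openIdConnectUrl must be an https discovery URL")
    client_id = str(cfg.get("clientId", ""))
    if not client_id or PLACEHOLDER.match(client_id):
        problems.append("clientId is empty or still the template placeholder")
    if cfg.get("multitenant") is not False:
        problems.append("multitenant must be false for this setup")
    user = cfg.get("user") if isinstance(cfg.get("user"), dict) else {}
    for claim in ("id", "name", "email"):
        if not user.get(claim):
            problems.append(f"user.{claim} claim mapping is missing")
    # The client secret lives in the B2C policy key; this body carries only the ID.
    if any("secret" in key.lower() for key in cfg):
        problems.append("configuration carries a secret; keep it in the B2C policy key")
    return problems

# Constructed sample: the clientId value is made up for this example.
SAMPLE = json.dumps({"displayName": "Google", "type": "openIdConnect", "configuration": {
    "openIdConnectUrl": "https://accounts.google.com/.well-known/openid-configuration",
    "multitenant": False, "clientId": "1234567890-example.apps.googleusercontent.com",
    "user": {"id": "sub", "name": "name", "email": "email"}, "groups": {"id": "groups"}}})

if __name__ == "__main__":
    print(google_oauth_uris("Contoso"))
    print(check_idp_body(SAMPLE) or "body looks consistent with the steps above")
```
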

# On-board Google identity provider to tenant

Log in to the Admin Portal as Ability Admin, create a tenant or select an existing tenant, select Google as the identity provider, and select allow signup.

or

Execute through the API: POST /tenants with the following as the body

    {
      "name": "<Name of the new tenant>",
      "tags": ["ABB"],
      "identityProviders": {
        "<IDP ID of Google identity provider in PM>": {
          "allowSignUp": true
        }
      }
    }

# Verify with tenant login

  1. Log in to the Admin Portal as tenant, then verify and select Google as the identity provider.
  2. Enter the Google account credentials.

Last updated: 7/7/2021, 8:21:54 AM