Google SSO for Atlassian Confluence®Supports Confluence 3.5 - 6.X
Plug and play integration. Light configuration required.
Installing the Google SSO Authenticator for Confluence is a multi-part installation process.
Before we can start using the Google SSO for Confluence add-on, we first need to set up a few configurations in Google.
Set up a new Google project
The first step is to create a new project in Google API Console.
- Go to the Google API Console and log in with your Google Drive account.
- From the project drop-down, select an existing project , or create a new one by selectingCreate a new project.
Enter a name for the new project, e.g. Google SSO then click on the Create button. Note this can take a few minutes to complete.
Enable Google+ API
The second step is to enable Google+ API for your new project.
- Select Library option underneath API Manager, from left side panel.
- Scroll down and locate Google+ API from the list of Social API options, and click on it.
3. Click on the Enable button.
Set up Credentials
Once the project is created and the Drive API enabled, click on the Go to Credentials button on the right and the Credentials window will pop up. This will generate us the CLIENT ID and CLIENT SECRET we will need to configure the add-on with.
You will be redirected to the Credentials page to complete credentials set up and to customize the login consent screen that will be displayed when users try to log into Confluence with their Google accounts.
Enter information for the Credential to your project. Click on What credentials do I need? button
Select Web Client 1, enter https://mycompany.com/plugins/servlet/google-drive/callback in the Authorized Redirect URIs field and click on the Create client ID button.
Enter in Product name. You would want to set it to something like Company Google SSO for Confluence, so users will know which application they are allowing access for. This is also helpful later when they want to revoke access to Google. Click Continue (other customizations are optional).
Click the Done button.
To get the Client ID and Client Secret
Click on Credentials (left side panel) > Credentials tab > Web client 1
Note down the CLIENT ID and CLIENT SECRET as they will be needed when we configure the add-on in Confluence later.
Once we have finished setting up Google, we can go ahead and install the Google SSO for Confluence add-on.
Download and Install the Google SSO for Confluence add-on
The first step is to install the add-on in your Confluence instance.
- Log into Confluence with an account that has administrator privilege.
- Browse to Confluence admin | Manage add-ons.
- Click the Upload add-on link (upper right corner of table).
- Select the add-on file (googlesso-confluence-x.x.x.obr), and upload the add-on.
- Click on "Google Apps Authentication" in the Add-Ons left panel.
- Copy in your AppFusions' provided license - no white spaces.
Configure your Google SSO details
After we have installed the add-on, we need to configure it with our Google OAuth client details. You can access the configuration screen by
- Click the Configure button for Google SSO for Confluence add-on in the Universal Plugin Manager (UPM), or
- Select Google SSO option under APPFUSIONS ADD-ONS section in Confluence administration console.
|Client ID||The Client ID value from Google OAuth client.|
|Client Secret||The Client Secret value from Google OAuth client.|
|User creation policy|
Choose if you want Confluence to automatically create users if a match cannot be found based on the Google account email address, or if you want more control by having Confluence administrators to manually create missing user accounts.
If you have enabled auto user account creation by selecting the Create Confluence users automatically upon first successful Google sign-in option for User creation policy, then you will also need to configure the following.
The domains that the Google account must belong to in order for new accounts to be created in Confluence.
For example, if you restrict domain to companyA.com, Confluence account will not be created for user with companyB.com.
|User name policy|
Select the user name format for new accounts.
Select the groups (one or more) that new users should be automatically added into. It is recommended that you select a group with has the CanUse global permission, such as confluence-users.
Test it out
Now that we have completed our installation and configuration, we can go ahead and test it out.
- Log out of Confluence, and go back to the login screen.
- If everything is configured correctly, you should see a new Sign in with Google button below the usual Username and Password section.
- Clicking on that button will open up the Google consent screen.
From here, a number of things would happen:
- If you are not currently logged into Google, the screen will first prompt you to log into Google, or select a Google account if you have more than one.
- After you have logged into Google, and if this is the first time you are using SSO, you will be asked to allow Confluence to SSO with Google, by clicking the Accept button. (you will only need to accept once)
- Once you have accepted, you will automatically logged into Confluence
If you have issues, comments, suggestions, or even accolades, we'd appreciate the feedback.