Google SSO for Atlassian Confluence®

Supports Confluence 3.5 - 6.X

Plug and play integration. Light configuration required.

Documentation

Getting Started

Installing the Google SSO Authenticator for Confluence is a multi-part installation process.

IMPORTANT NOTES

Icon

Following are two important notes:

  • To configure the Google Google SSO for Confluence, you must have a Google Apps account with Admin credentials. Follow the Google Configuration steps below.
  • If you previously have used AppFusions' Google Apps Authenticator for Confluence prior to version 2.0.0, you MUST uninstall the old plugin and reconfigure your Google settings from scratch. This is a one-time requirement. Google changed authentication protocols between 1.X and 2.0 0 of our integration, making this an absolute requirement.

Google Configuration

Before we can start using the Google SSO for Confluence add-on, we first need to set up a few configurations in Google.

Icon

We recommend that the following Google Configurations are performed the person who manages the Google Apps domain account, typically your Google domain administrator.

Set up a new Google project

The first step is to create a new project in Google API Console.

  1. Go to the Google API Console and log in with your Google Drive account.
  2. From the project drop-down, select an existing project , or create a new one by selectingCreate a new project.
    Enter a name for the new project, e.g. Google SSO then click on the Create button. Note this can take a few minutes to complete.

Enable Google+ API

The second step is to enable Google+ API for your new project.

  1. Select Library option underneath API Manager, from left side panel.
  2. Scroll down and locate Google+ API from the list of Social API options, and click on it.


3. Click on the Enable button.

Set up Credentials

Once the project is created and the Drive API enabled, click on the Go to Credentials button on the right and the Credentials window will pop up. This will generate us the CLIENT ID and CLIENT SECRET we will need to configure the add-on with. 


You will be redirected to the Credentials page to complete credentials set up and to customize the login consent screen that will be displayed when users try to log into Confluence with their Google accounts.

Enter information for the Credential to your project.  Click on What credentials do I need? button

 

Select Web Client 1, enter https://mycompany.com/plugins/servlet/google-drive/callback in the Authorized Redirect URIs field and click on the Create client ID button.


Enter in Product name.  You would want to set it to something like Company Google SSO for Confluence, so users will know which application they are allowing access for. This is also helpful later when they want to revoke access to Google.  Click Continue (other customizations are optional).


Click the Done button.

 

To get the Client ID and Client Secret

Click on Credentials (left side panel) > Credentials tab > Web client 1



Note down the CLIENT ID and CLIENT SECRET as they will be needed when we configure the add-on in Confluence later.

Confluence Configuration

Once we have finished setting up Google, we can go ahead and install the Google SSO for Confluence add-on.

Download and Install the Google SSO for Confluence add-on

The first step is to install the add-on in your Confluence instance.

  1. Log into Confluence with an account that has administrator privilege.
  2. Browse to Confluence admin | Manage add-ons.
  3. Click the Upload add-on link (upper right corner of table).
  4. Select the add-on file (googlesso-confluence-x.x.x.obr), and upload the add-on.
  5. Click on "Google Apps Authentication" in the Add-Ons left panel.
  6. Copy in your AppFusions' provided license - no white spaces.

Configure your Google SSO details

After we have installed the add-on, we need to configure it with our Google OAuth client details. You can access the configuration screen by

  • Click the Configure button for Google SSO for Confluence add-on in the Universal Plugin Manager (UPM), or
  • Select Google SSO option under APPFUSIONS ADD-ONS section in Confluence administration console.
Field
Description
Client IDThe Client ID value from Google OAuth client.
Client SecretThe Client Secret value from Google OAuth client.
User creation policy

Choose if you want Confluence to automatically create users if a match cannot be found based on the Google account email address, or if you want more control by having Confluence administrators to manually create missing user accounts.

If you have enabled auto user account creation by selecting the Create Confluence users automatically upon first successful Google sign-in option for User creation policy, then you will also need to configure the following.

Field
Description
Domains

The domains that the Google account must belong to in order for new accounts to be created in Confluence.

For example, if you restrict domain to companyA.com, Confluence account will not be created for user with companyB.com.

User name policy

Select the user name format for new accounts.

  • Use the Google user name without change - e.g. john@company.com
  • Remove the leading @domain email portion from the Google user name - e.g. john
Default Groups

Select the groups (one or more) that new users should be automatically added into. It is recommended that you select a group with has the CanUse global permission, such as confluence-users.

Test it out

Now that we have completed our installation and configuration, we can go ahead and test it out.

  1. Log out of Confluence, and go back to the login screen.
  2. If everything is configured correctly, you should see a new Sign in with Google button below the usual Username and Password section.
  3. Clicking on that button will open up the Google consent screen.

From here, a number of things would happen:

  1. If you are not currently logged into Google, the screen will first prompt you to log into Google, or select a Google account if you have more than one.
  2. After you have logged into Google, and if this is the first time you are using SSO, you will be asked to allow Confluence to SSO with Google, by clicking the Accept button. (you will only need to accept once)
  3. Once you have accepted, you will automatically logged into Confluence

Product Feedback

If you have issues, comments, suggestions, or even accolades, we'd appreciate the feedback.





  AppFusions ... Bringing it together.