Configuring AchieveIt SSO with Google Workspace

Configuring Google Workspace as an Identity Provider for AchieveIt

1. Login to the Google API Console.

2. Create a new Project:

Screenshot

3. Configure the OAuth consent screen.

    1. Select the Internal User Type and click Create:

      Screenshot

    2. Enter an App name.
    3. Under App domain, enter https://my.achieveit.com as the Application home page.
    4. Under Authorized Domains, click Add Domain, enter auth0.com, click Add Domain again, enter achieveit.com.
    5. Under Developer contact info, enter support@achieveit.com:

      Screenshot

    6. Click Save and Continue.
    7. On the Scopes page, Click Add or Remove Scopes.
    8. Select the userinfo.email scope and click Update:

      Screenshot

    9. Click Save and Continue.
    10. On Test Users page, click Save and Continue.

4. Create the Credentials.

    1. Click Credentials from left navigation bar.
    2. Click Create Credentials and select OAuth client ID:

      Screenshot

    3. From the Application Type dropdown, select Web Application.
    4. Enter any name for the application.
    5. Under Authorized JavaScript origins, click Add URI, and enter https://achieve-it.auth0.com.
    6. Under Authorized Redirect URIs, click Add URI, and enter https://achieve-it.auth0.com/login/callback:

      Screenshot

    7. Click Create
    8. Upon creation, Google will generate a Client ID and Client Secret. Copy these values.

5. If you have a Google Workspace enterprise domain, you must enable the Admin Service SDK. See here for Google's documentation to enable this service: https://support.google.com/googleapi/answer/6158841

6. Send your AchieveIt technical contact your Google Workspace domain url, client ID, and client secret and await further instructions.