Link Search Menu Expand Document

Google SSO Integration Guide

Table of contents

  1. 1. Prerequisites
  2. 2. Open Google Cloud Console
  3. 3. Create a New Google Cloud Project
  4. 4. Enable Required APIs
  5. 5. Configure the OAuth Consent Screen
  6. 6. Create OAuth 2.0 Credentials (Client ID + Secret)
  7. 7. Create a Mandatory Service Account
    1. Steps
    2. Assign Roles (Mandatory)
    3. Generate and Download JSON Key
  8. 8. Configure Google SSO in TIKTING
  9. 9. Test Google SSO Login
  10. 10. User Rollout

TIKTING supports secure authentication using Google Single Sign-On (SSO) through Google Workspace.

This guide explains how to set up the required Google Cloud project, enable APIs, create OAuth credentials, and configure the mandatory Service Account for directory-level access.

1. Prerequisites

To use Google SSO with TIKTING, you must have:

  • An active Google Workspace subscription
  • Admin access to the Google Workspace Admin Console
  • Admin access to Google Cloud Console

If your organization does not yet use Google Workspace, you can register here:
https://workspace.google.com

2. Open Google Cloud Console

Navigate to:

https://console.cloud.google.com

Sign in with your Workspace Admin account.

Screenshot Placeholder:
![Google Cloud Console Homepage](images/google-cloud-home.png)

3. Create a New Google Cloud Project

  1. Click the Project Selector (top-left).
  2. Choose New Project.
  3. Enter a project name such as tikting-sso.
  4. Click Create.

Screenshot Placeholder:
![Create New Project](images/create-project.png)

4. Enable Required APIs

In your new project:

  1. Go to APIs & Services → Library
  2. Enable the following APIs:
  • Google Identity Services (OAuth 2.0)
  • Google People API
  • Cloud Identity API (mandatory for directory access)

Screenshot Placeholder:
![Enable APIs](images/enable-api.png)

  1. Go to APIs & Services → OAuth consent screen
  2. Choose Internal (recommended for Workspace)
  3. Fill in:
    • App name: TIKTING SSO
    • User support email
  4. Under Authorized domains, add your TIKTING domain (e.g., example.com)
  5. Save

Screenshot Placeholder:
![OAuth Consent Screen](images/oauth-consent.png)

6. Create OAuth 2.0 Credentials (Client ID + Secret)

  1. Go to APIs & Services → Credentials
  2. Click Create Credentials → OAuth client ID
  3. Select Web application
  4. Add these redirect URIs:

https://tikting-domain.com/auth/google/callback

http://localhost:5173/auth/google/callback (Optional for local development)

  1. Save and copy:
    • Client ID
    • Client Secret

These will be added into TIKTING later.

Screenshot Placeholder:
![Create OAuth Client](images/oauth-client.png)

7. Create a Mandatory Service Account

TIKTING requires a Service Account to retrieve authorized user details from Google Workspace Directory and to validate organization domains.

Steps

  1. Go to IAM & Admin → Service Accounts
  2. Click Create Service Account
  3. Enter:
    • Name: tikting-sso-service-account
    • ID: auto-generated
  4. Click Create and Continue

Assign Roles (Mandatory)

Assign the following roles:

  • Viewer
  • Cloud Identity → Directory Reader

Generate and Download JSON Key

  1. After the account is created, open it
  2. Go to the Keys tab
  3. Click Add Key → Create new key
  4. Select JSON
  5. Download the key file

Keep this file secure; it will be uploaded into TIKTING.

Screenshot Placeholders:
![Service Account List](images/service-account-list.png)
![Service Account Roles](images/service-account-roles.png)
![Download JSON Key](images/service-account-key.png)

8. Configure Google SSO in TIKTING

  1. Log in to the TIKTING Admin Portal
  2. Navigate to:

Settings → Authentication → Google SSO

  1. Enter the following:
  • Google Client ID
  • Google Client Secret
  • Upload Service Account JSON
  1. Enable the Google Login toggle
  2. Save settings

Screenshot Placeholder:
![TIKTING SSO Settings](images/tikting-sso-settings.png)

9. Test Google SSO Login

  1. Open your TIKTING login page
  2. Click Continue with Google
  3. Select a Workspace user account
  4. Confirm successful login
  5. Validate that restricted domains behave as expected

Screenshot Placeholder:
![Google Sign-In Button](images/google-login-button.png)

10. User Rollout

Share the final login URL with your users: (example) https://your-tikting-domain.com/app/login

Users can now log in securely with their Google accounts.

Support

If you require help during setup, contact ITDEVTECH support or your assigned TIKTING onboarding engineer.