Google SSO Setup

This guide explains how to configure Google Workspace as the identity provider for Nected. The setup requires creating an OAuth 2.0 Client inside Google Cloud Console, configuring the consent screen, adding redirect URIs, and supplying the credentials to Konark and Nalanda through nected-values.yaml.

This document is designed for administrators who manage authentication for Nected environments.

Prerequisites

Before starting:

  • You must have admin access to Google Cloud Console.

  • Your organization must use Google Workspace or have Google Identity enabled.

  • You must know your Nected UI domain, for example: https://nected-ui.example.com

  • You must have access to edit and deploy your Helm chart configuration.

1. Open Google Cloud Console

Go to: https://console.cloud.google.com/

Choose the correct Google Cloud project where you want to configure OAuth authentication.

If your organization uses multiple projects, confirm you’re configuring the correct one for Nected.

2. Configure the OAuth Consent Screen

Google requires a consent screen before OAuth credentials can be created.

Go to:

APIs & Services → OAuth Consent Screen

Choose one of the following:

  • Internal → Only users in your Google Workspace can authenticate

  • External → Any Google user can authenticate (only use if required)

Fill in the required fields:

  • App name

  • User support email

  • Developer contact email

You do not need to add scopes or test users at this stage unless your organization enforces security constraints. Save the configuration to continue.

3. Create OAuth 2.0 Client Credentials

Now create the credentials that Nected will use.

Navigate to:

APIs & Services → Credentials → Create Credentials → OAuth client ID

Choose:

  • Application type: Web application

Enter a name, for example:

nected-sso-google

4. Add Authorized Redirect URIs

Google requires redirect URIs to be explicitly listed for your app to accept OAuth callbacks.

Add this URI exactly as it appears in your Nected UI:

https://<your-nected-ui-domain>/oauth/redirect

Example:

https://nected-ui.example.com/oauth/redirect

You may add multiple URIs later if using different staging/production deployments.

Click Create.

Google will generate:

  • Client ID

  • Client Secret

Download these values or copy them—they will be needed in your Helm config.

5. Configure Nected (Konark + Nalanda)

Open your nected-values.yaml file. Google SSO requires configuration in both services.

5.1 Update Konark Environment Variables

Konark handles the browser login flow.

Locate:

Konark:
  envVars:

Add:

# Authentication Configuration
VITE_ENABLE_GOOGLE_LOGIN: true
VITE_GOOGLE_CLIENT_ID: "<Google Client ID>"

These values enable Google login on the UI.

5.2 Update Nalanda Environment Variables

Nalanda validates Google-issued ID tokens and establishes server-side authentication.

Locate:

Nalanda:
  envVars:

Add:

# google-login
GOOGLE_AUTH_ENABLED: "true"
GOOGLE_CLIENT_ID: "<Google Client ID>"
GOOGLE_CLIENT_SECRET: "<Google Client Secret>"

Nalanda requires the secret to verify OAuth flows securely.

6. Apply the Configuration

Deploy the updated configuration using your Helm chart:

helm upgrade -i nected nected/nected -f nected-values.yaml

Restart all authentication-related services:

kubectl rollout restart deploy nected-konark nected-nalanda

Both services will start using the new Google OAuth configuration.

7. Validate the Integration

Open your Nected UI.

You should now see a “Continue with Google” option on the login screen.

Test login using a Google account allowed by your consent screen settings.

If authentication succeeds, Google SSO is operating correctly.

8. Troubleshooting

Internal apps only allow users within your organization. Switch to External if your users are outside your domain.

Redirect URI mismatch

Ensure the redirect URI in Google Cloud Console exactly matches the one provided to Konark.

Invalid client or secret

Verify the following values in Nalanda → envVars:

  • GOOGLE_CLIENT_ID

  • GOOGLE_CLIENT_SECRET

Login button not appearing

Konark must include:

VITE_ENABLE_GOOGLE_LOGIN: true

Token validation failures

Google tokens expire quickly—ensure your cluster’s time synchronization is accurate using NTP.
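
The claim checks behind section 5.2 and the "Token validation failures" entry above, as an added Python example (not Nalanda's code and not from the Nected project). It shows how an audience mismatch, a drifting verifier clock, or a non-Workspace account each fail validation. The client ID, domain, timestamps and function names are constructed for illustration, and signature verification is assumed to have been done by a JWT library beforehand.

```python
import base64, json, time

GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
CLIENT_ID = "1234567890-example.apps.googleusercontent.com"  # constructed value
ISSUED = 1_700_000_000  # constructed issue time (Unix seconds)
SAMPLE = {"iss": "https://accounts.google.com", "aud": CLIENT_ID,
          "iat": ISSUED, "exp": ISSUED + 3600, "hd": "example.com"}  # constructed

def make_sample_token(claims):
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])

def decode_payload(id_token):
    """Decode the payload segment only; this does NOT verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))

def check_claims(claims, client_id, allowed_hd=None, now=None, leeway=0):
    """Return failure reasons; an empty list means every claim check passed."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") not in GOOGLE_ISSUERS:
        problems.append("iss is not Google")
    if claims.get("aud") != client_id:
        problems.append("aud does not match GOOGLE_CLIENT_ID")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        problems.append("expired, or verifier clock is ahead")
    if not isinstance(iat, (int, float)) or iat > now + leeway:
        problems.append("iat in the future: verifier clock is behind")
    if allowed_hd is not None and claims.get("hd") != allowed_hd:
        problems.append("hd is not the allowed Workspace domain")
    return problems

if __name__ == "__main__":
    claims = decode_payload(make_sample_token(SAMPLE))
    for label, now in [("clock in sync", ISSUED + 10),
                       ("clock 5 min behind", ISSUED - 300),
                       ("clock 2 h ahead", ISSUED + 7200)]:
        print(label, "->", check_claims(claims, CLIENT_ID, "example.com", now=now))
```

Where the consent screen is set to External, a server-side hd check like the one here is what limits sign-in to a single Workspace domain.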

Your Nected deployment now supports authentication through Google Workspace. This configuration improves login security, simplifies onboarding, and aligns access control with your organization’s identity strategy.

You can now combine Google SSO with other providers like Microsoft Entra for multi-IdP environments.
