Integration: Google account provisioning
With this integration, you will be able to create a Google account for your new hire.
Manifest
{
"form": [],
"oauth": {
"refresh": {
"url": "https://oauth2.googleapis.com/token",
"data": {
"client_id": "{{ CLIENT_ID }}",
"grant_type": "refresh_token",
"client_secret": "{{ CLIENT_SECRET }}",
"refresh_token": "{{ oauth.refresh_token }}"
},
"method": "POST"
},
"access_token": {
"url": "https://oauth2.googleapis.com/token?client_id={{CLIENT_ID}}&client_secret={{CLIENT_SECRET}}&grant_type=authorization_code&redirect_uri={{redirect_url}}",
"method": "POST"
},
"authenticate_url": "https://accounts.google.com/o/oauth2/v2/auth?client_id={{CLIENT_ID}}&redirect_uri={{redirect_url}}&response_type=code&scope=https://www.googleapis.com/auth/admin.directory.user&access_type=offline&prompt=consent"
},
"exists": {
"url": "https://admin.googleapis.com/admin/directory/v1/users/{{email}}",
"method": "GET",
"expected": "{{ email }}",
"fail_when_4xx_response_code": false
},
"execute": [
{
"url": "https://www.googleapis.com/admin/directory/v1/users",
"data": {
"name": {
"givenName": "{{ first_name }}",
"familyName": "{{ last_name }}"
},
"password": "{{ PASSWORD }}",
"primaryEmail": "{{ email }}",
"changePasswordAtNextLogin": true
},
"method": "POST"
}
],
"headers": {
"Accept": "application/json",
"Content-Type": "application/json",
"Authorization": "Bearer {{oauth.access_token}}"
},
"extra_user_info": [
{
"id": "PERSONAL_EMAIL",
"name": "Personal email address",
"description": "Add the email address from the user (not business) to send google email to."
}
],
"initial_data_form": [
{
"id": "CLIENT_ID",
"name": "The Google client id",
"description": "You can find it here: "
},
{
"id": "CLIENT_SECRET",
"name": "The Google client secret",
"description": "You can find it here: "
},
{
"id": "PASSWORD",
"name": "generate",
"description": "Used to create the new hire's password for new Google account."
}
],
"post_execute_notification": [
{
"to": "{{ PERSONAL_EMAIL }}",
"type": "email",
"message": "username: {{ email }}, password: {{PASSWORD}}",
"subject": "Here are your Google login credentials!"
}
]
}
Instructions
- Go to https://console.cloud.google.com/apis/credentials/consent?supportedpurview=project and make sure you are logged in as the admin of the Google organization.
- Create a new 'Project' and give it a fancy name. Once it's created make sure you are in that project (you can see that in the top bar).
- You will be asked for what type of app you want to register. Choose 'Intern', only people from your organization should log in to your app. Click on 'Create'.
- Fill in the details accordingly. You will have to add the following scopes:
https://www.googleapis.com/auth/admin.directory.user. Under 'Authorized domains', fill in your own site url and the url of the ChiefOnboarding instance. - Click on 'Create'. You will be taken back to the page you previously landed on.
We just set up our authentication screen for you to sign in to. Up next, we need to create credentials that we can put into the ChiefOnboarding instance, so we can actually show that authentication dialog.
- Go to https://console.developers.google.com/apis/credentials
- Click on 'Create credentials' at the top of the page and choose Client-ID OAuth.
- You will be asked for the type of app. Pick 'Web application'.
- Under "Authorized JavaScript-sources" enter the domain name of where ChiefOnboarding is running on.
- Under "Authorized redirect-URLs" enter the URL that ChiefOnboarding gives you when adding this manifest.
- Click on 'Create' and you will get the
Client-IDandClient-secretthat you need to fill in on your ChiefOnboarding instance. - Submit the form on ChiefOnboarding.
- Then login with the new "oauth" button.
- To be able to check if people are already in the system, we will then have to enable the Admin SDK for your project here: https://console.developers.google.com/apis/library/admin.googleapis.com, click on 'Enable'.
Comments
No comments yet.