Using Google G Suite OpenID Connect Provider for Authentication

Evolphin Zoom supports OpenID Connect (OIDC) natively. This can be used to delegate authentication to a Google G Suite OIDC Provider. This article describes the configuration changes needed on the Google G Suite side in order for a user to directly authenticate with G Suite from their Evolphin Zoom service.

Prerequisites

  1. You have administrative access to the G Suite Developer Console

End-user Single Sign On experience

With direct OpenID Connect integration, Zoom users will be redirected to sign into their own G Suite organizational account. When they access a Zoom Web or Desktop app and are prompted for sign-in, users are redirected to the Google G Suite IdP. After successful sign-in, they are returned to Zoom to access Zoom apps. Here is how a sample login screen looks:

Configuring the G Suite OAuth 2.0

Before your Zoom service can use Google’s OIDC Provider via the OAuth 2.0 authentication protocol for user login, you must set up an API project in the Google API Console to obtain OAuth 2.0 credentials, set a redirect URI to Zoom, and (optionally) customize the branding information that your users see on the user-consent screen when logging into Zoom. The steps below are simplified from Google’s instructions listed here.

Step 1: Create a new API project

After logging into https://console.developers.google.com, create a new project unless you wish to reuse an existing API project. Click Select a project from the Google API console:

Select your G Suite organization:

Click on New Project and define an API Project such as:

Select the project from the alert or via the Select a Project drop down:

Now go to the API dashboard by either visiting this link or clicking on the Google API link on the top left:

Step 2: Configure Consent Screen

Click on OAuth consent screen from left panel to go to the page:

Select Internal in the screen above and configure your consent screen that users will see. It’s a good practice to stick an Evolphin Zoom logo so the users can tell visually who is asking for this info. You can download our logo (120px by 120px) from here:

But it’s up to you to choose your own branding elements.

Please fill in your own information, including any email addresses. The values on these screenshots are for illustration only.

Go ahead and save your form. Feel free to contact your G Suite support contact at Google if you need help with other aspects of the form.

Step 3: Create OAuth Credentials

Click on Credentials from left panel to go to the Credentials page:

Then click + CREATE CREDENTIALS from the top menu bar and choose OAuth client ID:

Choose Web Applications from the drop down:

Fill in the OAuth 2.0 client name and Authorized redirect URIs. For example:

In the above form, replace “Name” with your company name-zoom-oidc. This field can be anything, but it is good practice to use the above naming convention.

The Authorized redirect URIs will have the host:port of your Zoom Web Admin Console URL, such as https://<company>-zoom.evolphin.com:9443. Check with your administrator for the URL. The rest of the URI is always the same: /auth/openid/login.

Go ahead and click Create. A popup will display 2 OAuth-related IDs that you will need to send to your Evolphin Zoom Managed Admin team or your administrator.

The Evolphin Administrator will need to complete the Zoom Web Admin side of the G Suite OAuth 2.0 registration before the flow can be tested. Please take care to send the client secret via SMS or an app that offers end-to-end encryption, such as Signal or WhatsApp, and avoid email.
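
A pre-flight check for the Authorized redirect URI from Step 3, given here as an added example that is not part of Evolphin's or Google's documentation. It builds the URI from the Zoom Web Admin Console URL and flags values that would not match exactly at sign-in or that still contain an unfilled placeholder. The host zoom.example.com:9443 and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

LOGIN_PATH = "/auth/openid/login"  # fixed path given in this article


def build_redirect_uri(admin_console_url: str) -> str:
    """Derive the redirect URI from the Zoom Web Admin Console URL."""
    parts = urlsplit(admin_console_url.strip())
    # Keep only scheme and host:port; any path on the console URL is dropped.
    return f"{parts.scheme}://{parts.netloc}{LOGIN_PATH}"


def check_redirect_uri(uri: str) -> list[str]:
    """Return a list of problems; an empty list means the URI looks right."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if "@" in parts.netloc:
        problems.append("userinfo is not allowed before the host")
    host = parts.hostname or ""
    if not host or any(c in host for c in "<>*"):
        problems.append("host is empty, a wildcard, or an unfilled placeholder")
    if parts.path != LOGIN_PATH:
        # Redirect URIs are compared exactly, so a trailing slash also fails.
        problems.append(f"path must be exactly {LOGIN_PATH}")
    if parts.query or parts.fragment:
        problems.append("nothing may follow the fixed path")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real deployments.
    samples = [
        build_redirect_uri("https://zoom.example.com:9443/"),
        "http://zoom.example.com:9443/auth/openid/login",
        "https://zoom.example.com:9443/auth/openid/login/",
        "https://<company>-zoom.evolphin.com:9443/auth/openid/login",
    ]
    for uri in samples:
        issues = check_redirect_uri(uri)
        print(uri, "->", "OK" if not issues else "; ".join(issues))
```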