Google OAuth2 Login – Setup

Enabling Google OAuth2 login in SELMA allows users to authenticate using their Google accounts instead of traditional username/password credentials. This provides a seamless single sign-on experience for users who have Google accounts, improving security and user experience.

Note: The below instructions serve as a guide only – please ask your IT Team/Provider about what’s best for your organisation.

Google Cloud Console Setup

For this to work we need to create an OAuth 2.0 application in Google Cloud Console specifically configured for authentication purposes.

1. Create/Select Project

Please go to https://console.cloud.google.com and either create a new project or select an existing one for your organisation.

2. Configure OAuth Consent Screen

⚠️ Important: If this is your first OAuth application, you’ll need to configure the consent screen first.

1. Go to “APIs & Services” > “OAuth consent screen”
2. Choose “Internal” if you’re using Google Workspace (recommended)
3. Save

3. Create OAuth 2.0 Credentials

1. Go to “APIs & Services” > “Credentials”
2. Click “Create Credentials” > “OAuth Client ID”
3. Select “Web application” as the application type
4. Give it a name like “SELMA OAuth2 Login”
5. Important: In the “Authorised redirect URIs” section, add your SELMA OAuth2 callback URL:
   • Example: https://subdomain.selma.app/connect/google/check
   • NB. Replace “subdomain” with your actual SELMA subdomain
6. Click “Create”

Once created, note the following details:

• Client ID
• Client Secret

4. Provide Credentials to SELMA

Once you have created the OAuth2 credentials, you’ll need to provide the following information to the SELMA team:

• Client ID
• Client Secret

The SELMA team will then configure the OAuth2 integration on your behalf.

5. Test the Integration

After the SELMA team has configured the integration:

1. Log out of SELMA
2. Go to the SELMA login page
3. Click on the “Google” login button and you’ll be redirected to Google’s login screen
4. Sign in with your Google account
5. Grant permission to SELMA to access your profile information, if requested
   • This is so we can validate your email against your account in SELMA
6. You should be redirected back to SELMA and logged in successfully

Important Notes

• Setup Process: The Google App setup is done by your organisation, but the SELMA integration is configured by the SELMA team
• Credentials Security: Store your Client ID and Client Secret securely before sending them to the SELMA team
• Email Matching: Users must have the same email address in both SELMA and Google for the login process to work

Done! ✅

The Google App setup is now complete. Once you’ve provided the Client ID and Client Secret to the SELMA team and they’ve configured the integration, users will be able to log in using their Google accounts by clicking the “Google” login button on the SELMA login page.

Troubleshooting

• “Invalid client” error: Check that the correct Client ID and Secret were provided to the SELMA team
• “Redirect URI mismatch”: Ensure the redirect URI in Google Cloud Console exactly matches the format https://subdomain.selma.app/connect/google/check
• “This app isn’t verified” warning: For external apps, users may see this warning. You can proceed with “Advanced” → “Go to [App Name] (unsafe)” during testing