GSuite Authentication

Google OAuth 2.0 Authentication is only available on 'On-Premise' Offers
You can enable Google OAuth 2.0 authentication for ease of registration and login. Also, you can restrict the registration to a certain domain name. Check that your rakam-bi container has the following environment variables available;

Variable

Example Value

Description

RAKAM_CONFIG_SITE__URL

https://your-rakam-bi-url.com

Should point to your load balancers A/CNAME. You may verify this using the shell command: dig A your-rakam-bi-url.com @8.8.8.8. Only e-mail addresses associated with suffix your-rakam-bi-url.com will be able to log in and register to Rakam-BI.

1. Create OAuth 2.0 client ID

Navigate to Google Developer Console. Click on 'Credentials' and create an 'OAuth client ID'

Enter your Rakam-BI deployment URL to 'JavaScript Origins' and 'Authorized redirect URIs', click 'Create' when you are done and copy your 'client ID'. If you get an error Invalid Origin: domain must be added to the authorized domains list before submitting, setup your 'OAuth consent screen' and add email, profile and openid to scopes.

Update Google OAuth 2.0 Client-ID on Rakam-BI Admin Page

Log in with your administrator account (the first account you registered to your rakam-bi deployment.).Navigate to your administration page on rakam-bi (htttps://your-rakam-bi-url.com/admin/auth). Select the Google section and paste your client ID.

You can verify the installation via logging out and locating 'Connect with G Suite' button. Once this integration enabled, registration of local accounts is not possible. Although already registered users will be able to log in over 'Use a Local User' option.

Once a local user is logged in using Google OAuth2, it is not possible to log in using local credentials anymore but the administrator user