ClickHelp Documentation

Use Google as SSO Provider

Information When using SSO, you need to create user accounts in ClickHelp for each SSO user that authenticates with a 3rd-party service. This is required so ClickHelp can apply specific permissions to the authenticated user, and those permissions are configured in a ClickHelp user profile. You can use ClickHelp REST API to bulk-create users, or to create a new ClickHelp user every time a new application user is getting created on your end.

You can log in to ClickHelp using Google as the OpenID Connect provider. Further on, you will find the steps of how to set up a Google Web Application and to configure your ClickHelp portal to use this OpenID Connect provider.

Setting up a Google Web Application  

To set up the Google Web Application :

  • First of all, you need to register your ClickHelp portal as a web application in the Google Developer Console. When you open the console for the first time, it asks you to create a new project.
  • Specify a name for a new project and click CREATE:
  • Once a new project is created, open the APIs & Services screen and click Credentials to continue setting up things.
  • On the Credentials screen, click the Create credentials button and select the OAuth client ID option.
  • The next step is setting up the consent screen that is responsible for what the Google login screen should show when logging into the project you just created. If you already set up the consent screen, this step is optional. Click the Configure consent screen button:
  • And then specify the application name, responsible person email address, the list of authorized domains, and, if needed, some other optional parameters.
  • The authorized domain is required and should be this: If you set up a custom domain for your portal, you may need to add this domain to the list as well. Also, make sure that the Scopes for Google APIs list contains the email and openid scopes.
  • When the consent screen is set, you can generate the Client ID and Client Secret for the application. To do this, specify the application type as Web application, type the internal application name and specify the application authorized redirect URL. It must be this (a slash at the end is required):
  • Google will generate the Client ID and Secret values for you:

  • Now, to proceed to the ClickHelp settings, we need to get the authentication and token URLs from Google. If you are setting up the predefined Google provider in ClickHelp, you can skip this step. To get these values, click the Download button next to the newly created application name and download a JSON file containing all the required data.

Configuring ClickHelp  

Now, let's set up ClickHelp to work with Google as OpenID Connect Provider. Follow these steps:

  • To make a ClickHelp portal work with an OpenID Connect Provider, we need to register a client for this provider in the portal. This can be done in the Portal Settings editor by a user with administrator permissions:
  • Open the Single Sign-on page under the Administration menu, select the predefined Google connection, specify Client ID and Client Secret obtained from Google earlier. Enable the connection and click Save to save the settings.
  • Once the provider connection settings are saved, you may specify it as the default provider. To do this, select the client name in the Login with combo box.
    That’s it, the OpenID Connect functionality for Google is enabled in the portal!
  • If you want to continue using the ClickHelp login dialog, leave the Log with field untouched. You will be able to login to your portal using Google credentials from the Login dialog by clicking the corresponding button:

Using the Google OpenID Provider  

To check how the automatic authentication via OpenID Connect works, we need to make sure that we have a user with an email address corresponding to a valid Google account.

  • Let’s open the User Management page:
  • And add a new user with an address bound to a valid Google account :
  • Once the user is created, log out from your admin account or open a new instance of your browser in the Incognito mode. Also, please make sure that the test Google account is not logged in within this browser session. You can open the Google+ page to make sure that no Google accounts are logged in.

  • If you specified Google as the default login option, you can open an article from a restricted publication by a direct link which can be a link provided by your portal or application as a reference to a Help topic, FAQ article, and so on. You will be automatically redirected to the Google account login page as we are not logged in to Google at the moment.

  • Once the valid credentials are provided, you are logged in to ClickHelp.

  • Now, log out from ClickHelp and try to open this page once again. Since you are logged in to Google in this browser session, ClickHelp will log in the user automatically without showing any login prompts.

    If you want the OpenID Connect provider to always show the login prompt, you can change the value of the Login behavior parameter to Require login prompt:

  • This time, if you are logged into Google, you still see the Google login prompt when logging into ClickHelp:

  • Even if you specified Google as the default login option, it is still possible to log in to a ClickHelp portal using its native credentials (ClickHelp user account, no SSO), you can do this by following the Login link with a special no-sso parameter:

Well done! You have successfully set up Google as the OpenID Connect provider for your online documentation portal.