ClickHelp User Manual

Use Google as SSO Provider

Important
When using SSO, you need to create user accounts in ClickHelp for each SSO user that authenticates with a 3rd-party service. This is required so ClickHelp can apply specific permissions to the authenticated user, and those permissions are configured in a ClickHelp user profile. You can use ClickHelp REST API to bulk-create users or to create a new ClickHelp user every time a new application user is getting created on your end. 

You can log in to ClickHelp using Google as the OpenID Connect provider. Further on, you will find the steps to set up a Google Web Application and configure your ClickHelp portal to use this OpenID Connect provider.

Setting up a Google Web Application  

To set up the Google Web Application, first of all, you need to register your ClickHelp portal as a web application in the Google Developer Console. Then, when you open the console for the first time, it asks you to create a new project.

The Create project button in the Google Developer Console
  • Specify a name for a new project and click Create:
    The New Project window in the Google Developer Console 
  • Once the new project is created, open the APIs & Services screen and click Credentials to continue setting things up.
    The Credentials button on the APIs & Services screen 
  • On the Credentials screen, click the Create credentials button and select the OAuth client ID option.
    Click the Create credentials button and select the OAuth client ID on the Credentials screen 
  • The next step is setting up the consent screen responsible for what the Google login screen should show when logging into the project you just created. This step is optional if you have already set up the consent screen. Click the Configure consent screen button:
    The Configure consent screen button on the Create OAuth client ID screen 
  • Select the User Type that suits you:
    Select the User Type on the OAuth consent screen
  • Specify the application name, responsible person email address, the list of authorized domains, and some other optional parameters if needed,.
    Fill in the App information on the Edit app registration screen
  • The authorized domain is required and should be clickhelp.co. If you set up a custom domain for your portal, you may need to add this domain to the list as well.
    Fill in the Authorized domain
  • In the next step, you may add or remove scopes. First, ensure that the Scopes for Google APIs list contains the email and openid scopes.
    Add or remove scopes on the Scopes screen
  • You can generate the Client ID and Client Secret for the application when the consent screen is set. To do this, specify the application type as a Web application, type the internal application name, and specify the application authorized redirect URL. It must be this (a slash at the end is required): https://<YOU_PORTAL_NAME>.clickhelp.co/oauth2/
    Set the Application type as a Web application on the Create OAuth client ID screen

  • Google will generate the Client ID and Secret values for you:
    Google generated the Client ID and Secret values 

  • To proceed to the ClickHelp settings, we need to get the authentication and token URLs from Google. You can skip this step if you are setting up the predefined Google provider in ClickHelp. To get these values, click the Download button next to the newly created application name and download a JSON file containing all the required data.
    Download a JSON file clicking the Download button

Configuring ClickHelp  

Now, let's set up ClickHelp to work with Google as OpenID Connect Provider. Follow these steps:

  • To make a ClickHelp portal work with an OpenID Connect Provider, we need to register a client in the portal. You can do this in the Portal Settings editor by a user with administrator permissions:
    The Portal settings button in ClickHelp main menu 
  • Open the Single Sign-on page under the Administration menu, select the predefined Google connection, specify Client ID and Client Secret obtained from Google earlier. Enable the connection and click Save to save the settings.
    In the Single Sign-On section select Google, specify Client ID and Client Secret 
  • Once the provider connection settings are saved, you may specify it as the default provider. To do this, select the client name in the Login with combo box.
    Choose Google in the Login with combo box 
    That's it, the OpenID Connect functionality for Google is enabled in the portal!
  • If you want to continue using the ClickHelp login dialog, leave the Log with field untouched. You will be able to login to your portal using Google credentials from the Login dialog by clicking the corresponding button:
    ClickHelp Log In page

Using the Google OpenID Provider  

To check how the automatic authentication via OpenID Connect works, we need to ensure that we have a user with an email address corresponding to a valid Google account.

  • Let's' open the User Management page:
    The Users and Roles button in ClickHelp main menu 
  • Add a new user with an address bound to a valid Google account:
    Create a new user with an address bound to a Google account 
  • Once the user is created, log out from your admin account or open a new browser instance in the Incognito mode. Also, please make sure that the test Google account is not logged in within this browser session. You can open the Google+ page to make sure that no Google accounts are logged in.
    Open the Google+ page to make sure that no Google accounts are logged in

  • Suppose you specified Google as the default login option. In that case, you can open an article from a restricted publication by a direct link that can be a link provided by your portal or application as a reference to a Help topic, FAQ article, and so on. You will be automatically redirected to the Google account login page as you are not logged in to Google at the moment.

    Automatic redirection to the Google account login page

  • Once you provide the valid credentials, you will log in to ClickHelp.

  • Now, log out from ClickHelp and open this page once again. Since you are logged in to Google in this browser session, ClickHelp will log you in automatically without showing any login prompts.

    If you want the OpenID Connect provider always to show the login prompt, you can change the Login behavior parameter to Require login prompt:
    Change the Login behavior parameter to Require login prompt

  • This time, if you are logged into Google, you still see the Google login prompt when logging into ClickHelp:
    The Google login prompt when logging into ClickHelp

  • Even if you specified Google as the default login option, it is still possible to log in to a ClickHelp portal using its native credentials (ClickHelp user account, no SSO), you can do this by following the Login link with a special no-sso parameter: https://<YourPortalName>.clickhelp.co/login/?error=no&no-sso=true

Well done! You have successfully set up Google as the OpenID Connect provider for your online documentation portal.

SSO User Matching Use Microsoft Azure AD as SSO Provider
ClickHelp — Online Documentation and Help Authoring Tool
© ClickHelp 2023