9.2. Authentication with OpenID and Google Accounts

The AuditConsole can also be set up to allow users to login using an OpenID provider or their Google Account. This allows for a convenient single-sign-on setup with an external authentication provider.

As noted in the beginning of this chapter, the users need to be present in the AuditConsole user database. In addition to that the user.openid attribute of a user needs to be specified in order for the AuditConsole to be able to find the corresponding user.

9.2.1. Enabling OpenID/Google SSO in the AuditConsole

The AuditConsole is prepared for OpenID/Google login but that feature is disabled by default. If you want to allow users to use OpenID, you will need to enable that feature explicitly in the AuditConsole Setup -> Basic Settings.

The following figure shows the setup dialog that allows administrators to enable OpenID/Google authentication.

Saving this form with OpenID support enabled will take immediate effect. No restart of the AuditConsole is required.

9.2.2. Setting the OpenID/Google ID for a User

For a user to be able to authentication with an OpenId/Google account, this user's user.openid attribute needs to be set to the account name.