Google Cloud Authentication with the Web Admin UI
With SFTP Gateway version 3.004.00, you can now integrate Google Cloud Authentication with SFTP Gateway’s web admin portal. In other words, web admins can leverage their existing Google Cloud credentials instead of managing another account just for SFTP Gateway.
Configuring Google Authentication involves two high-level steps:
- Create and configure an OAuth 2.0 client in Google Cloud
- Point SFTP Gateway to the OAuth 2.0 client
Note: Google Credentials cannot be used for SFTP authentication.
How to Create OAuth 2.0 Client IDs in API & Services
Open the Google Cloud Console and search for API & Services.
Note: Before creating an OAuth 2.0 client, you need to have first configured a hostname for your SFTP Gateway VM.
Once you are in API & Services, go to Credentials on the left menu.
Click + Create Credentials and select OAuth client ID.
Under the Application type, select Web application, and configure a name for your OAuth 2.0 client.
Next, configure the URIs you will be using for the JavaScript origin and redirect URI.
For the JavaScript origin URI, enter this value:
https://sftp-gateway-hostname
For the redirect URI, enter this value:
https://sftp-gateway-hostname/backend/login/oauth2/code/custom-name
The custom-name can be any value you’d like, but make sure to remember it, as you’ll need it later on. Once everything has been configured, click Create at the bottom.
Once your OAuth 2.0 client has been created, open it to view its overview page.
Keep this page open, as you will need the client ID and client secret when you configure the Identity Provider in SFTP Gateway.
Configure the Identity Provider on SFTP Gateway
In the SFTP Gateway web admin portal, go to Settings. Under Identity Providers, click Add new IdP.
For the new Identity Provider, fill in the following fields:
Identity Provider Display Name: This is the name that will be displayed on the login screen.
Issuer URI: Paste in the value below:
https://accounts.google.com
Client ID: Paste in the client ID from the OAuth 2.0 client overview page.
Client Secret: Paste in the client secret from the OAuth 2.0 client overview page.
Name Attribute: Set this value to sub.
Registration ID: Use the custom name you chose for the redirect URI (the custom-name at the end of the URI) when creating the OAuth 2.0 client.
Scopes: Set this value to openid.
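The two halves of this setup have to agree exactly: the redirect URI registered on the Google OAuth 2.0 client must end in the same Registration ID entered in SFTP Gateway. The following pre-flight check is an added example, not part of SFTP Gateway or the original page. The dictionary keys, the hostname sftp.example.com and the name google-login are constructed placeholders.

```python
# Added example: consistency check between the Google OAuth 2.0 client and the
# SFTP Gateway IdP form. Dictionary keys and sample values are constructed for
# this example; they are not an SFTP Gateway API.

# Values the page gives for the Google identity provider entry.
REQUIRED = {
    "issuer_uri": "https://accounts.google.com",
    "name_attribute": "sub",
    "scopes": "openid",
}
CALLBACK_PATH = "/backend/login/oauth2/code/"


def expected_uris(hostname, registration_id):
    """Build the JavaScript origin and redirect URI the page describes."""
    origin = f"https://{hostname}"
    return origin, f"{origin}{CALLBACK_PATH}{registration_id}"


def check_idp(hostname, idp, registered_origins, registered_redirects):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    for field, want in REQUIRED.items():
        if idp.get(field) != want:
            problems.append(f"{field}: expected {want!r}, got {idp.get(field)!r}")

    origin, redirect = expected_uris(hostname, idp.get("registration_id", ""))
    # Compare as exact strings: a different scheme, a trailing slash or a
    # different custom name is a different URI.
    if origin not in registered_origins:
        problems.append(f"origin not registered: {origin}")
    if redirect not in registered_redirects:
        problems.append(f"redirect URI not registered: {redirect}")
    # Flag extra entries on the client so stale URIs can be reviewed.
    for uri in registered_origins:
        if uri != origin:
            problems.append(f"unexpected origin: {uri}")
    for uri in registered_redirects:
        if uri != redirect:
            problems.append(f"unexpected redirect URI: {uri}")
    return problems


# Constructed sample: the form values from this page with a placeholder name.
SAMPLE_IDP = {**REQUIRED, "registration_id": "google-login"}
```

Pass in the URIs exactly as they appear on the OAuth 2.0 client page; any entry in the returned list points at the field to correct before testing the login.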
Test the changes in the web browser
If you are logged into the web admin UI, click the logout button on the top right and then refresh the browser.
On the login page, you should see a link toward the bottom with the Display Name you configured.
You will then be redirected to enter your Google Cloud credentials.
Once logged in, you will be authenticated to the SFTP Gateway web admin portal. You’ve now successfully integrated Google Cloud Authentication with SFTP Gateway’s web admin portal.
For more help with SFTP Gateway, check out the Knowledge Base or our YouTube channel.