How to Configure Google Authentication on Local Omada Controller

Base de conocimientos
Guía de configuración
02-26-2025
12574

Contents

Objective

Requirements

Introduction

Prerequisites

Configuration

Configuring Google OAuth API

Configuring Google authentication in the Controller

Conclusion

Objective

This article demonstrates how to configure Google Authentication on the Local Controller, including step-by-step Google Cloud OAuth API setup and integration for Google authentication.

Requirements

  • Omada Software Controller

  • Google OAuth API

Introduction

Omada Google Portal authentication integrates the Google OAuth API into the Portal of the Omada network management system, enabling users to conveniently and securely complete network authentication services using their Google accounts.

Prerequisites

  • The Google authentication feature is based on the Google OAuth API. To meet the requirements of the Google OAuth API, when using Google authentication on the Local Controller, you need to have a domain name and a trusted certificate for that domain. Also, ensure that the DNS configuration can resolve the requests from web clients for that domain to the IP address of the Local Controller. For specific requirements of the domain name, please refer to the Google documentation: https://developers.google.cn/identity/protocols/oauth2/web-server#uri-validation

Configuration

Configuring Google OAuth API

Google authentication requires a Google OAuth API. If you haven't created one, follow the steps below to create and configure one.

Step 1. Please visit https://console.cloud.google.com/ to create a project for your Google authentication.

Create a new project in Google Cloud. Step 2. After completing the project creation, access the APIs & Services section via the quick access or the sidebar.

Access API & Services through the left sidebar or Quick access.

Step 3. Enter and set up the OAuth consent screen.

Set up OAuth consent screen

Click GET STARTED.

A picture indicates the position of "Get Started" button

Please fill in the required fields: App name, User support email, and then click NEXT.

Input the App name and User support email of the OAuth consent screen

Select Audience type as External and click Next.

Select Audience type as External

Complete the contact information and click NEXT.

Enter the Developer contact Email address of the OAuth consent screen

Select I agree to the Google API Services: User Data Policy and click CREATE.

Select I agree to the Google API Services: User Data Policy and click CREATE

Step 4. Go to the Data Access page and click ADD OR REMOVE SCOPES.

Add Scopes

Scope refers to the extent to which account information and operations users authorize the Controller to access it. The scopes that need to be added are openid and user info.email. These two scopes are non-sensitive and are used by Google authentication to query Google for the user's unique identifier and email. The Controller will not retain the above user's personal information. After that, click UPDATE to save the settings(at the bottom of the page).

Select scopes

Update scopes

After updating scopes, don’t forget to save the settings.

Save settings

Step 5. Create an OAuth client ID. In the sidebar, select APIs & Services >Credentials, and then choose OAuth client ID when creating credentials.

Create Oauth client ID

Select the application type as a Web application.

Select OAuth client ID application type as a Web application

Fill in the Name, and in the "Authorized redirect URIs" field, enter the following URI: https://{Your domain name}:8843/portal/sociallogin/auth. The web client will use this URI to redirect back to the Controller after completing the login on Google to finish the subsequent authentication process.

Input Client ID name and Authorized redirect URIs

After clicking Create, the Client ID and Client Secret will be displayed in a pop-up window.

OAuth client information

You can also view them later by clicking on the corresponding entry in the client list. The Client ID and Client Secret are the credentials for your newly created Google OAuth API. The Controller will use them to perform Google authentication with your API.

Client ID & Secret details page

Step 7. Go to the OAuth consent screen >Audience and click PUBLISH APP.

Publish APP

Configuring Google authentication in the Controller

Step 1. Select Google in the authentication type selection dropdown box on the Portal settings page. Then, in the Google authentication settings section below, fill in the Client ID and Client Secret of your Google OAuth API.

Configure Google authentication on the Controller

Step 2. Configure the HTTPS Certificate. You can configure the HTTPS certificate by following the link: How to Configure HTTPS Certificate to Avoid “Untrusted Certificate” Error - Business Community.

Step 3. Login testing and adding addresses exempt from authentication. Once the Google authentication configuration is done, use a terminal device to access the Portal page and test if the authentication process works.

Google login addresses vary by country and region. During the login test, you may face access issues. If so, note the inaccessible addresses via the browser's address bar or F12 devtools and add them to the exemption list.

Add a pre-authenticated address

After adding the address for authentication exemption, please conduct a login test again to verify that the login process can proceed normally.

Conclusion

The above is the entire introduction and configurations of Google Authentication; please configure them according to your needs.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

Califique este documento

Documentos relacionados