You can use Google to provide identity and access management to secure supported applications like Omniscope.
Google supports single-sign on, which allows you to avoid having to configure separate login credentials for users inside each application. Instead you can redirect to Google to provide user authentication and identification.
This is not intended to be an in-depth discussion of authentication. Instead it provides a step-by-step guide to manage user authentication using OpenID Connect within Omniscope.
Before deploying any access management tool on your production server you should ensure you are familiar with the technologies involved, and have studied the providers documentation carefully.
If you don't have one already, create a Google account.
Configure your app
Open the Google API Console by navigating to https://console.developers.google.com/.
Once inside the console navigate to: APIs and Services > OAuth consent screen.
If you don't have one already, you should create a new Application. If you already have an application click Edit and step through the settings to ensure your application is configured to use OpenID Connect.
Give your application a name and enter a user support email.
Click SAVE AND CONTINUE.
Next we need to configure the application scopes. Scopes are used to specify the permissions that you request users to authorise for your application.
Ensure the following scopes are selected:
If any of these scopes are missing click ADD OR REMOVE SCOPES. When you're finished, click SAVE AND CONTINUE.
Review and edit the optional info if required.
Click SAVE AND CONTINUE.
The Summary screen will give you a chance to review all your application information. Ensure the settings you have made are correct.
Click SAVE AND CONTINUE to finish setup.
In the API Console, navigate to APIs & Services > Credentials.
Click CREATE CREDENTIALS > OAuth client ID.
Select Web application in the Application type dropdown.
Enter a valid name.
Add an Authorised redirect URI: http://localhost/oidc-cb.
In case you intend to run Omniscope server on a port different from port 80 used in this example you need to use the same port number here, e.g. use http://localhost:8181/oidc-cb for port 8181.
Once you click create you should now see a popup window with your Client ID and Client Secret. Make a note of these, as you'll need them later on.
Please note that you are always logged in as an admin/root user when you open locally installed Omniscope server in the browser by http://127.0.0.1:24679/ url or open Omniscope window from the system tray icon.
Use http://localhost (with the right port number configured above if it is different) if you need to log in as a different user.
Setup the Google Provider
Select Google to open the Google configuration dialog.
Now enter the Client ID and Client secret you made a note of earlier.
For more details regarding other options in the dialog see here.
Click Test Connection to ensure Google has been successfully configured. You should see a popup informing you that validation was successful.
Click Back then Save.
Create a group
Create a Group
Configure anonymous permissions
You will also need to restrict access to your Omniscope server for users that are not logged in.
You can do it by opening Configure Anonymous Permissions on Edit Permissions dialog.
If you want to restrict any anonymous access to your files then click No To All then close the drop-down and click Save.