Setting up SSO with Google

This guide will help you configure SSO between 21RISK and Google. The objective is to configure an OAuth 2.0 Authorization Code Flow with Proof Key for Code Exchange (PKCE). We will create an Application and configure a callback URL. Let's get started ✅

Create SSO Connection in 21RISK

The first step is to log in to the 21RISK web application at 21risk.com and navigate to the /settings/advanced page. Click the button "Create SSO IdP connection".

This should take you to the details page of your new SSO Connection.

Now copy the Callback URL from the "Service Provider Configuration" section.

Without closing 21risk.com, open another browser tab/window.

Setup OAuth application in Google

Google needs an application for the OAuth flow. Navigate to https://console.cloud.google.com/ and search for "APIs and services" in the top search bar.

This will take you to the "APIs & Services" home screen. From here, click "Credentials" in the menu on the left.

This will take you to the "Credentials" page. Next to the page title you should see a "Create credentials" button. Click it and choose "OAuth client ID".

You should now see the "Create OAuth client ID" screen. In the Application type dropdown, select "Web application".

This shows a form where you can enter the application name "21RISK" and paste the Callback URL from your clipboard. Finally, click the "Create" button at the bottom of the window.

A small dialog with the title "OAuth client created" should now open. From here, copy the "Client ID" and "Client secret".

Now go back to your tab/window with 21RISK. Change the Provider type to "Google", paste the values into "Client ID" and "Client Secret", and click Create.

You are now done with the Google configuration 🚀
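The flow this configuration enables, as an added illustration that is not 21RISK's or Google's code: a minimal Python PKCE client that derives the S256 code challenge (RFC 7636), builds the Google authorization request using the registered Callback URL, and assembles the token request that proves possession of the verifier. The Client ID, Client Secret and Callback URL are placeholders for the values exchanged in the steps above; the endpoint URLs are Google's documented public OAuth 2.0 endpoints.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Google's documented public OAuth 2.0 endpoints.
GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token"

# Placeholders for the values exchanged between 21RISK and the Google console.
CLIENT_ID = "<Client ID from the Google console>"
CALLBACK_URL = "https://<Callback URL from the Service Provider Configuration>"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier(nbytes: int = 32) -> str:
    """Fresh high-entropy verifier (43 chars for 32 random bytes)."""
    return b64url(secrets.token_bytes(nbytes))

def code_challenge(verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def build_authorization_url(verifier: str, state: str) -> str:
    """URL the user is redirected to; only the challenge leaves the client."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URL,  # must match the registered URL exactly
        "response_type": "code",
        "scope": "openid email profile",
        "state": state,  # bound to the session and checked on the callback
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{GOOGLE_AUTH_URL}?{urlencode(params)}"

def token_request_body(code: str, verifier: str, client_secret: str) -> dict:
    """Form body POSTed to GOOGLE_TOKEN_URL; the verifier ties the code to us."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": CALLBACK_URL,
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
        "code_verifier": verifier,
    }
```

The verifier never appears in the browser redirect, so an authorization code intercepted on the callback cannot be redeemed without it; the state value should be compared to the session's stored value before the code is exchanged.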

To mark the connection as primary, click here.

Please note that the first time your users sign in through the SSO connection, they will see a Google consent screen. Also pay attention to Google's default expiration policy for OAuth applications: "Inactive OAuth clients are subject to deletion if they are not used for six months".