Login with Google

A cool feature that we had on our wish list for a long time will be on the next version: Login with your Google account. The way this works is that the web front end pulls a JavaScript library from a Google server that handles the details for the Google login. Once the login is done, Google provides a token that the PBX backend can use to pull the email address of the logged in account and set up a user session, just as if the user had logged in with the username and the password.

Google has done a lot to make the login secure and convenient, including such things as 2-factor authentication and email notifications and provides this service as part of the Google G Suite service. There is noting that the end user needs to do in order to make this work.

This obviously requires that the email address in the user account matches the email account in the Google account. If the user has multiple email addresses one match will be sufficient. It makes no difference if this is a free Gmail account or a paid Google business account.

In order to make this work, the domain that wants to use this feature needs to set this up on the Google side. For that you will have to login to the Google API site and create credentials for the domain. Unfortunately it is not possible to use wildcard domain names, so that every domain name that can be used for the login must be listed there. If you are using a secure connection you should put only the https address there. If you are using multiple domain names, they must be listed separately. There is a wizard at https://developers.google.com/identity/sign-in/web/sign-in that you can use to set this up:

After picking a name for your login, you need to do some minimal configuration. The PBX uses "Web browser" as configuration and the URL must match the URL that you use for logging in:

The final screen shows you the Client ID that you need to copy into the PBX web interface. A typical client ID has the form xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com.

Copy the Client ID into the domain settings "Google sign in client ID" and hit the save button.

Then the next time that someone visits the login page, there will be a small login field under the login submit button that can be used to trigger the login process.

Right now this sign in service is only available for user accounts. System and domain administrators still need to use their username and password credentials like before. Fortunately, most browsers today support storing those credentials, so that repeated logins should not be too inconvenient.

This will be generally available for 60.2 builds. It is included in some 60.1 test builds already.