Configuring OpenID authorization using GSuite

OpenID is an open standard for decentralized authentication that lets a user authenticate to multiple unrelated Internet resources with a single account.

To set up OpenID authorization on the Picvario website:

Configure settings on Google:

  1. Go to https://console.developers.google.com/apis/credentials using your organization’s administrator account.
  2. Create a new web application (for example, named Picvario).
  3. Get the ClientID and Client Secret in the control panel.
  4. Add the following address to the list of authorized URIs:
     <site_url>/api/v1/users/oidc/callback

Configure settings on Picvario:

  1. Copy the SITE_BASE_URL=<some url> environment variable from the frontend.
  2. In the tenant’s Options (https://<tenant-name>.<site_url>/admin/options/option/) or, in hosted versions, at https://<site_url>/admin/options/option/, create the parameter:
     OPENID_AUTH_ENABLED

After the parameter is added, 11 more parameters will be created AUTOMATICALLY. You will need to change their values to:

| KEY | VALUE | PUBLIC |
|---|---|---|
| OIDC_TOKEN_USE_BASIC_AUTH | True | False |
| OIDC_RP_SIGN_ALGO | RS256 | False |
| OIDC_RP_SCOPES | email profile openid | False |
| OIDC_RP_CLIENT_SECRET | (from Google) | False |
| OIDC_RP_CLIENT_ID | (from Google) | False |
| OIDC_OP_USER_ENDPOINT | https://openidconnect.googleapis.com/v1/userinfo | False |
| OIDC_OP_TOKEN_ENDPOINT | https://oauth2.googleapis.com/token | False |
| OIDC_OP_JWKS_ENDPOINT | https://www.googleapis.com/oauth2/v3/certs | False |
| OIDC_OP_AUTHORIZATION_ENDPOINT | https://accounts.google.com/o/oauth2/v2/auth | False |

IMPORTANT! The Public property of all of the options listed above must be False (this is the default).

If you want to allow anonymous users to view assets, use ALLOW_ANONYMOUS_USERS = True. This parameter must be public (Public = True) regardless of the value of the parameter itself.

To allow authorization BOTH via GSuite AND via Picvario, use the MULTI_AUTH parameter. This parameter is also public (Public = True).

MULTI_AUTH=True/False

  • Determines whether authentication is possible using several available methods: standard and via OpenID. In the UI, this option is displayed as a page with the standard login and password fields and an additional button at the bottom: «Sign in via corporate account». When the value is False, the authentication option is determined by the OPENID_AUTH_ENABLED parameter.

Order in which the public key for token verification is looked up (option priority):

  1. OIDC_RP_IDP_SIGN_KEY_PATH
  2. OIDC_RP_IDP_SIGN_KEY
  3. OIDC_OP_JWKS_ENDPOINT

If errors such as SuspiciousOperation or "JWS token verification failed" appear, make sure there is no conflict between these options.

Only OIDC_OP_JWKS_ENDPOINT should be specified for GSuite. Other options in this list should be left empty!
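
A pre-flight check of the option set described above, as an added example (not Picvario's own code). It assumes the options have been transcribed from the admin page into a dict of name to (value, Public); that layout and the name audit_options are hypothetical.

```python
# Added example. Assumption: options are {name: (value, public)}; not a Picvario format.
EXPECTED = {  # values taken from the table on this page
    "OIDC_TOKEN_USE_BASIC_AUTH": "True",
    "OIDC_RP_SIGN_ALGO": "RS256",
    "OIDC_OP_USER_ENDPOINT": "https://openidconnect.googleapis.com/v1/userinfo",
    "OIDC_OP_TOKEN_ENDPOINT": "https://oauth2.googleapis.com/token",
    "OIDC_OP_JWKS_ENDPOINT": "https://www.googleapis.com/oauth2/v3/certs",
    "OIDC_OP_AUTHORIZATION_ENDPOINT": "https://accounts.google.com/o/oauth2/v2/auth",
}
SCOPES = {"email", "profile", "openid"}
FROM_GOOGLE = ("OIDC_RP_CLIENT_ID", "OIDC_RP_CLIENT_SECRET")
# These two outrank OIDC_OP_JWKS_ENDPOINT in the key lookup, so GSuite needs them empty.
KEEP_EMPTY = ("OIDC_RP_IDP_SIGN_KEY_PATH", "OIDC_RP_IDP_SIGN_KEY")
PUBLIC_TRUE = ("ALLOW_ANONYMOUS_USERS", "MULTI_AUTH")


def audit_options(options):
    """Return a list of findings; an empty list means the set matches the page."""
    def value(name):
        return options.get(name, ("", False))[0]
    findings = [f"{n}: expected {want!r}, got {value(n)!r}"
                for n, want in EXPECTED.items() if value(n) != want]
    if set(value("OIDC_RP_SCOPES").split()) != SCOPES:
        findings.append("OIDC_RP_SCOPES: expected 'email profile openid'")
    findings += [f"{n}: empty, copy it from the Google console"
                 for n in FROM_GOOGLE if not value(n)]
    findings += [f"{n}: set, takes priority over OIDC_OP_JWKS_ENDPOINT"
                 for n in KEEP_EMPTY if value(n)]
    for name, (_, public) in options.items():
        if name.startswith("OIDC_") and public:
            findings.append(f"{name}: Public must be False")
        elif name in PUBLIC_TRUE and not public:
            findings.append(f"{name}: Public must be True")
    return findings


# Constructed sample: a stale key path is left set and the secret is marked Public.
sample = {name: (val, False) for name, val in EXPECTED.items()}
sample.update({
    "OIDC_RP_SCOPES": ("email profile openid", False),
    "OIDC_RP_CLIENT_ID": ("constructed-client-id", False),
    "OIDC_RP_CLIENT_SECRET": ("constructed-secret", True),
    "OIDC_RP_IDP_SIGN_KEY_PATH": ("/constructed/old-idp.pem", False),
    "MULTI_AUTH": ("True", True),
})

if __name__ == "__main__":
    for finding in audit_options(sample):
        print(finding)
```

A leftover OIDC_RP_IDP_SIGN_KEY_PATH is the kind of conflict that surfaces as a token verification failure, and a Public client secret is readable by anyone who can see public options.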
