Skip to content

Set up Google SSO in rConfig V8 Core

After reading this page, I can configure Single Sign-On for rConfig V8 Core using Google Workspace. This covers creating an OAuth 2.0 client in Google Cloud Console, adding the credentials to rConfig, and approving the first SSO user so they can sign in.

Use this page when your organisation authenticates with Google Workspace and you want users to sign in to rConfig with their Google accounts instead of separate local passwords. It suits teams that have standardised on Google as their identity provider and want centralised account control.

  • Administrator access to the Google Cloud Console and Google Workspace Admin Console
  • Administrator access to rConfig V8 Core
  • rConfig reachable over HTTPS with a valid domain name (see SSL setup)
  • Shell access to the rConfig server to edit the .env file

Sign in to the Google Cloud Console with an administrator account and select the project that will own the rConfig OAuth client.

Section titled “Step 2: Configure the OAuth consent screen”
  1. Navigate to APIs & Services > OAuth consent screen.
  2. Select Internal or External based on your organisation’s requirements.
  3. Enter the required application information.
  4. Add authorised domains if needed.
  5. Save the configuration.
  1. Navigate to APIs & Services > Credentials.
  2. Click Create Credentials > OAuth client ID.
  3. Select Web application as the application type.
  4. Enter a name for the OAuth client, for example rConfig V8 Core.
  5. Under Authorised redirect URIs, add your callback URL:
    https://your-rconfig-domain.com/auth/callback/google
  6. Click Create.
  7. Copy the Client ID and Client Secret. You need both for the rConfig configuration.

Open the rConfig .env file:

Terminal window
vim /var/www/html/rconfig/.env

Add or update these lines with the values copied from Google Cloud Console:

Terminal window
GOOGLE_CLIENT_ID=your_client_id
GOOGLE_CLIENT_SECRET=your_client_secret
GOOGLE_REDIRECT_URI=https://your-rconfig-domain.com/auth/callback/google
  • GOOGLE_CLIENT_ID: OAuth 2.0 Client ID from Google Cloud Console.
  • GOOGLE_CLIENT_SECRET: OAuth 2.0 Client Secret from Google Cloud Console.
  • GOOGLE_REDIRECT_URI: Must match the authorised redirect URI configured in Google exactly.

Save the file and clear the rConfig cache so the new values take effect:

Terminal window
php /var/www/html/rconfig/artisan rconfig:clear-all

Reload the rConfig login page. A Sign in with Google button now appears below the standard username and password fields.

rConfig V8 Core login page showing the standard username and password fields with a Sign in with Google SSO button below them

When a user signs in via Google for the first time:

  1. The user authenticates successfully with Google.
  2. rConfig creates the account with SSO access disabled.
  3. The user sees a message that approval is required.

An administrator then completes the approval:

  1. Log in to rConfig as an administrator.
  2. Navigate to the Users section.
  3. Locate the new SSO user.
  4. Enable SSO access for that user.
  5. Assign an appropriate role and permissions.

After approval, the user can authenticate with Google and access rConfig.

Why isn’t the Sign in with Google button appearing?

Section titled “Why isn’t the Sign in with Google button appearing?”
  • Confirm all three environment variables are set correctly in .env.
  • Confirm the cache was cleared with php /var/www/html/rconfig/artisan rconfig:clear-all.
  • Check the Apache error logs for configuration issues.

If authentication starts but fails, verify the redirect URI matches exactly between Google and rConfig, confirm the OAuth consent screen is configured, and check that the OAuth client is not restricted or disabled.