How to Configure Google Authentication on Local Omada Controller

OC200 , OC300 , OC400 , Omada Software Controller
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device, and check either the Datasheet or the firmware section for the latest improvements added to your product. Please note that product availability varies by region, and certain models may not be available in your region.
Contents
Configuring Google authentication in the Controller
Objective
This article demonstrates how to configure Google Authentication on the Local Controller, including step-by-step Google Cloud OAuth API setup and integration for Google authentication.
Requirements
-
Omada Software Controller
-
Google OAuth API
Introduction
Omada Google Portal authentication integrates the Google OAuth API into the Portal of the Omada network management system, enabling users to conveniently and securely complete network authentication services using their Google accounts.
Prerequisites
-
The Google authentication feature is based on the Google OAuth API. To meet the requirements of the Google OAuth API, when using Google authentication on the Local Controller, you need to have a domain name and a trusted certificate for that domain. Also, ensure that the DNS configuration can resolve the requests from web clients for that domain to the IP address of the Local Controller. For specific requirements of the domain name, please refer to the Google documentation: https://developers.google.cn/identity/protocols/oauth2/web-server#uri-validation
Configuration
Configuring Google OAuth API
Google authentication requires a Google OAuth API. If you haven't created one, follow the steps below to create and configure one.
Step 1. Please visit https://console.cloud.google.com/ to create a project for your Google authentication.
Step 2. After completing the project creation, access the APIs & Services section via the quick access or the sidebar.
Step 3. Enter and set up the OAuth consent screen.
Click GET STARTED.
Please fill in the required fields: App name, User support email, and then click NEXT.
Select Audience type as External and click Next.
Complete the contact information and click NEXT.
Select I agree to the Google API Services: User Data Policy and click CREATE.
Step 4. Go to the Data Access page and click ADD OR REMOVE SCOPES.
Scope refers to the extent to which account information and operations users authorize the Controller to access it. The scopes that need to be added are openid and user info.email. These two scopes are non-sensitive and are used by Google authentication to query Google for the user's unique identifier and email. The Controller will not retain the above user's personal information. After that, click UPDATE to save the settings(at the bottom of the page).
After updating scopes, don’t forget to save the settings.
Step 5. Create an OAuth client ID. In the sidebar, select APIs & Services >Credentials, and then choose OAuth client ID when creating credentials.
Select the application type as a Web application.
Fill in the Name, and in the "Authorized redirect URIs" field, enter the following URI: https://{Your domain name}:8843/portal/sociallogin/auth. The web client will use this URI to redirect back to the Controller after completing the login on Google to finish the subsequent authentication process.
After clicking Create, the Client ID and Client Secret will be displayed in a pop-up window.
You can also view them later by clicking on the corresponding entry in the client list. The Client ID and Client Secret are the credentials for your newly created Google OAuth API. The Controller will use them to perform Google authentication with your API.
Step 7. Go to the OAuth consent screen >Audience and click PUBLISH APP.
Configuring Google authentication in the Controller
Step 1. Select Google in the authentication type selection dropdown box on the Portal settings page. Then, in the Google authentication settings section below, fill in the Client ID and Client Secret of your Google OAuth API.
Step 2. Configure the HTTPS Certificate. You can configure the HTTPS certificate by following the link: How to Configure HTTPS Certificate to Avoid “Untrusted Certificate” Error - Business Community.
Step 3. Login testing and adding addresses exempt from authentication. Once the Google authentication configuration is done, use a terminal device to access the Portal page and test if the authentication process works.
Google login addresses vary by country and region. During the login test, you may face access issues. If so, note the inaccessible addresses via the browser's address bar or F12 devtools and add them to the exemption list.
After adding the address for authentication exemption, please conduct a login test again to verify that the login process can proceed normally.
Conclusion
The above is the entire introduction and configurations of Google Authentication; please configure them according to your needs.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.
Questa faq è utile?
Your feedback helps improve this site.
What’s your concern with this article?
- Dissatisfied with product
- Too Complicated
- Confusing Title
- Does not apply to me
- Too Vague
- Other
Grazie
We appreciate your feedback.
Click here to contact TP-Link technical support.
Questo sito utilizza i cookies per migliorare l'esperienza di navigazione, analizzare le attività online e offrire agli utenti una migliore user experience. Puoi disattivare o rifiutare il loro utilizzo in qualunque momento. Per maggiori informazioni consulta la nostra privacy policy .
Your Privacy Choices
Questo sito utilizza i cookies per migliorare l'esperienza di navigazione, analizzare le attività online e offrire agli utenti una migliore user experience. Puoi disattivare o rifiutare il loro utilizzo in qualunque momento. Per maggiori informazioni consulta la nostra privacy policy .
Basic Cookies
Questi cookies sono necessari per il corretto funzionamento del sito e non possono essere disattivati nel tuo sistema.
TP-Link
SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_banner, tp_privacy_base, tp_privacy_marketing, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Zendesk
OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance
Analytics e Marketing Cookies
I cookies analitici ci permettono di analizzare le tue attività sul nostro sito allo scopo di migliorarne le funzionalità.
I marketing cookies possono essere impostati sul nostro sito dai nostri partner pubblicitari allo scopo di creare un profilo di tuo interesse e proporti contenuti pubblicitari rilevanti su altri siti.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au