Google SSO

Follow the sections in this guide to set up Google SSO.

create-account

Create a New Account

Enter the Project name. Enter the parent organization or folder in the Location box. That resource will be the hierarchical parent of the new project. Click Create.

create-project

Create a New Project

  • Select the project you created above and click on APIs & Services on the left-side panel.

    configure-oauth-consent
  • Click on the OAuth Consent Screen available on the left-hand side panel.

  • Choose User Type Internal.

    select-user-type
  • Once the user type is selected, provide the App Information and other details.

  • Click Save and Continue.

    save-app-information
  • On the Scopes Screen, Click on ADD OR REMOVE SCOPES and select the scopes.

  • Once done click on Update.

    scopes-screen
  • Click Save and Continue.

    save-edit-app-registration
  • Click on Back to Dashboard.

    back-to-dashboard
    back-to-dashboard
  • Once the OAuth Consent is configured, click on Credentials available on the left-hand side panel.

    create-credentials
  • Click on Create Credentials

  • Select OAuth client ID from the dropdown.

    cselect-outh-client-id
  • Once selected, you will be asked to select the Application type. Select Web application.

    select-web-application

After selecting the Application Type, name your project and give the authorized URIs:

  • domain/callback

  • domain/silent-callback

    authorized-urls
  • Click Create

  • You will get the credentials

    get-the-credentials
  • Go to Credentials

  • Click on the pencil icon (Edit OAuth Client) on the right side of the screen

    find-credentials
  • You will find the Client ID and Client Secret in the top right corner

    find-clientid-and-secret

This is a guide to create ingestion bot service account.

  • Navigate to your project dashboard

    create-service-account
  • Click on Credentials on the left side panel

    click-credentials
  • Click on Manage service accounts available on the center-right side.

    manage-service-accounts
  • Click on CREATE SERVICE ACCOUNT

    click-save-create-service-account
  • Provide the required service account details.

Note

Ensure that the Service Account ID is ingestion-bot and click on CREATE AND CONTINUE. If you chose a different Service Account Id, add it to the default bots list in Configure OpenMetadata Server

required-account-details
  • Click on Select a role and give the Owner role. Then click Continue.
    select-owner-role
  • Click DONE
    click-done-service-account
  • Now you should see your service account listed.
    listed-service-account
  • Click on the service account in the list.
    enable-domain-wide-delegation
  • On the details page, click on SHOW DOMAIN-WIDE DELEGATION

    show-domain-wide-delegation
  • Enable Google Workspace Domain-wide Delegation

  • Click on SAVE

    enable-google-domain-wide-delegation
  • Once done with the above steps, click on KEYS available next to the DETAILS tab.

  • Click on ADD KEY and select Create a new key.

    create-new-key
  • Select the format. The JSON format is recommended.

  • Next, click on CREATE

    save-json
  • The private-key/service-account JSON file will be downloaded.

After the applying these steps, you can update the configuration of your deployment:

After everything has been set up, you will need to configure your workflows if you are running them via the metadata CLI or with any custom scheduler.

When setting up the YAML config for the connector, update the workflowConfig as follows:

workflowConfig:
  openMetadataServerConfig:
    hostPort: 'http://localhost:8585/api'
    authProvider: google
    securityConfig:
      secretKey: '{path-to-json-creds}'

Still have questions?

You can take a look at our Q&A or reach out to us in Slack

Was this page helpful?

editSuggest edits