Configuring Authorization Providers: Google
The Authorization Provider page allows staff users to configure alternate means to register for or log in to a Community Portal.
Salesforce will only allow one email per user. Therefore, a unique email must be used for each federated login. Otherwise, an Error page will display notifying the user that the authentication attempt has failed.
Configure Google as an Authorized Provider:
Navigate to https://console.developers.google.com and log in to an existing Google account.
From the top right of the window, click the Select a Project dropdown. This will open the Select modal.
Select your Organization from drop down, and select the desired Project. If no project currently exists, click the + button and configure the New Project settings.
Under APIs and auth, click Credentials, which will display the Auth Credentials.
If this is a new project, click Create new Client ID and select Web application as the Application Type, and then click Configure consent screen.
Populate the desired fields below:
Required Fields:
Email Address
Product Name
Optional Fields:
Homepage URL
Product logo
Privacy policy URL
Terms of service URL
Google+ page ID
Click Save when done.
Type the Authorized JavaScript origins and click Create Client ID.
Once the Client ID is created, open up a new tab and log in to Salesforce.
Click Setup.
Under the Administer heading, expand Security Controls and click Auth. Providers.
On the Auth. Providers page, click the New button.
From the Provider Type picklist, select Google.
Populate the desired fields below:
Required Fields:
Name- Enter a unique, identifying name for the Auth. Provider.
URL Suffix- Enter a value to use in the callback URL. This field will default to the value entered in the Name field.
Consumer Key- Paste the Client ID returned in earlier in the process.
Consumer Secret- Paste the Client Secret returned in earlier in the process.
Optional Fields:
Default Scopes- Enter the level of access that this user has to that profile, i.e., read-only access or profile email openid. Otherwise, the field will default to Salesforce.
Custom Error URL- Enter a URL to display a custom error message.
Custom Logout URL- Enter a URL to display a logout error message
Registration Handler- Enter "GoogleAuthRegHandler" into the lookup.
Execute Registration As- Enter the name of a full user in the system associated to a Role. Cannot be a Community User.
Portal- Leave as "None."
Icon URL- Enter a secure URL to the icon, or choose from among Google's sample icons.
The Auth. Provider record populates the Client Configuration fields:
Test-Only Initialization URL
Single Sign-On Initialization URL
Existing User Linking URL
OAuth-Only Initialization URL
Callback URL
Copy the Callback URL and navigate to the Google Developers Console tab in the browser window
Click the Edit Settings button. Paste the Callback URL into the Authorized redirect URIs field and click Update.
Next step is to Enable Social Login.
Click Setup.
In the Quick Find Field, search Sites.
Under the Digital Experiences heading, select All Sites.
Click Workspaces link next to the intended Community. This will open a new Community Workspaces tab.
The the My Workspaces section, click Administration.
From the left nav, click Login & Registration.
From the Login & Registration page, check the Google checkbox and click Save.
Open a new tab, navigate to the Communities app in Salesforce, and select the Sites tab.
Navigate to the Community's related Site record and click Edit.
Select the Auth Provider Default Account using the lookup.
Copy the Single Sign-On Initialization URL generated during the Auth. Provider configuration and paste it into the Google Login URL field.
Click Save.
Authenticated and unauthenticated users can log in to the Community Portal through their Google accounts.