Google authentication
Note: This feature is available in Enterprise and AWS editions only.
Google OAuth 2.0 is an open standard for access delegation. It lets users log in to CloudBeaver using their Google account and enables single sign-on (SSO).
For details, see the Google Identity documentation.
Make sure you have:
- A Google account with access to Google Cloud Console.
- An OAuth 2.0 application configured in Google Cloud.
- As an administrator, go to Settings -> Server Configuration
- Find and activate the Google option in the Configuration section.
Tip: For more information on Server Configuration, see Server configuration administration.
Note: To use cloud-hosted databases or Google Cloud Storage, also enable the Cloud (Google) and Cloud Storage checkboxes.
- As an administrator, navigate to Settings -> Identity Providers.
- Click + Add.
- Fill in the following fields:

  | Field | Description |
  | --- | --- |
  | Provider type | Select Google from the dropdown menu. |
  | ID | Enter a unique identifier for this configuration. |
  | Configuration name | Enter a descriptive name for this configuration. |
  | Description | (Optional) Provide a brief description of this identity provider. |
  | Icon URL | (Optional) Enter the URL of an icon to represent this provider in the UI. |
  | Disabled | (Optional) Leave unchecked to enable this identity provider. |
  | Client ID | Enter the client ID from your Google OAuth 2.0 application. |
  | Client secret | Enter the client secret from your Google OAuth 2.0 application. |
  | Add custom scopes | (Optional) Enable to specify additional OAuth scopes. Required for Google Cloud integration. |
  | Read user info | (Optional) Retrieves user profile data using the `userinfo` endpoint. |
  | Custom scopes | (Optional) Additional OAuth scopes. Use `;` as a delimiter. Required for Google Cloud integration. See supported scopes. |
  | Name of an AWS role claim | (Optional) The name of the AWS role claim used for AWS authorization. |

- Copy the redirect link:
  - Copy the Redirect link.
  - Add it to your Google OAuth 2.0 application. For instructions, see Set a redirect URI.
- Once configuration is complete, go to the login screen.
- Select the Federated authentication method labeled with the Configuration name you specified.
- Log in with your Google account to verify the integration works.
Tip: Once configured, users can access GCP databases and Google Cloud Storage without additional credentials. For more details, see Pass-through authentication.
To enable Google Cloud integration:
- Enable the Add custom scopes checkbox.
- Add the following scopes, separated by `;`:

  ```
  https://www.googleapis.com/auth/spanner.admin;https://www.googleapis.com/auth/bigquery;https://www.googleapis.com/auth/cloud-platform;https://www.googleapis.com/auth/devstorage.full_control
  ```

  | Scope | Description |
  | --- | --- |
  | `spanner.admin` | Manage Spanner databases. |
  | `bigquery` | View and manage data in Google BigQuery. |
  | `cloud-platform` | Access GCP and read the list of available databases. |
  | `devstorage.full_control` | Manage BigQuery data in Google Cloud Storage. |

  Note: `cloud-platform` and `devstorage.full_control` are restricted scopes in Google's OAuth sensitivity model. Using them may require your Google Cloud project to go through Google's verification process before they work in production. For details, see Google's OAuth API verification FAQ.
- Save the configuration and re-login to apply the new scopes.
- Verify the integration:
  - Open Cloud Explorer in the connection creation menu - you should see your GCP project and its databases.
  - Open Cloud Storage - you should see your Cloud Storage buckets.
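A pre-save check for the Custom scopes value, added here as an example (it is not CloudBeaver code): it splits the value on `;`, flags entries that use a space or comma as the delimiter, reports which of the four scopes listed above are missing, and marks the two that the note calls restricted so they can be reviewed before rollout. The function name, finding codes and the second sample value are assumptions made for this example.

```python
PREFIX = "https://www.googleapis.com/auth/"
# Scopes this page lists for Google Cloud integration.
CLOUD_SCOPES = ("spanner.admin", "bigquery", "cloud-platform", "devstorage.full_control")
# Scopes the page's note describes as restricted (may need Google verification).
RESTRICTED = {"cloud-platform", "devstorage.full_control"}

# The value given on this page.
PAGE_VALUE = ";".join(PREFIX + name for name in CLOUD_SCOPES)
# Constructed sample: space-delimited scopes pasted with a trailing ';'.
BAD_VALUE = PREFIX + "bigquery " + PREFIX + "cloud-platform;"


def audit_custom_scopes(value):
    """Parse a ';'-delimited scopes string; return (scopes, findings)."""
    scopes, findings = [], []
    for raw in value.split(";"):
        item = raw.strip()
        if not item:
            findings.append(("EMPTY", "empty entry, check for a stray ';'"))
        elif any(c in item for c in " ,\t\n"):
            # Several scopes joined by another delimiter would be sent as one.
            findings.append(("DELIMITER", item))
        elif item in scopes:
            findings.append(("DUPLICATE", item))
        else:
            scopes.append(item)

    short = {s[len(PREFIX):] for s in scopes if s.startswith(PREFIX)}
    for s in scopes:
        # Anything beyond the page's list widens the grant and needs a reason.
        if not s.startswith(PREFIX) or s[len(PREFIX):] not in CLOUD_SCOPES:
            findings.append(("UNLISTED", s))
    for name in CLOUD_SCOPES:
        if name not in short:
            findings.append(("MISSING", name))
        elif name in RESTRICTED:
            findings.append(("RESTRICTED", name))
    return scopes, findings


if __name__ == "__main__":
    for label, value in (("page value", PAGE_VALUE), ("bad value", BAD_VALUE)):
        parsed, issues = audit_custom_scopes(value)
        print(f"{label}: {len(parsed)} scope(s) parsed")
        for code, detail in issues:
            print(f"  {code}: {detail}")
```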