Skip to main content

Google Single Sign-on

info

This feature is available only on the enterprise edition for ToolJet

Goto Google cloud console and create a project.

ToolJet - Google create project


Goto Google cloud console credentials page, and create an OAuth client ID

ToolJet - Google create client id


You'll be asked to select user type in consent screen. To allow only users within your organization, select 'Internal', otherwise, select 'External'.

ToolJet - OAuth user type


You'll be led to an app registration page where you can set OAuth scopes. Select 'Add or remove scopes' and add the scopes userinfo.email and userinfo.profile as shown in the image. This will allow ToolJet to store the email and name of the user who is signing in

ToolJet - OAuth scope


Set the domain on which ToolJet is hosted as an authorized domain

ToolJet - Google authorized domain


Lastly, supply the environment variable SSO_GOOGLE_OAUTH2_CLIENT_ID to your deployment. This value will be available from your Google cloud console credentials page

info

Restrict to your domain#

Set the environment variable RESTRICTED_DOMAIN to ensure that ToolJet verifies the domain of the user who signs in via SSO, on the server side. If you're setting this environment variable, please make sure that the value does not contain any protocols, sub domains or slashes. It should simply be yourdomain.com.

info

Restrict signup via SSO#

Set the environment variable SSO_DISABLE_SIGNUP to true to ensure that users can only log in and not sign up via SSO. If this variable is set to true, only those users who have already signed up, or the ones that are invited, can access ToolJet via SSO.


The Google sign-in button will now be available in your ToolJet login screen.