Crystal Docs
English
English
  • Welcome
  • Fundamentals
    • Crystal
    • Crystal Topics
  • Crystal Advisor
    • Access to Crystal
      • Signup
      • Login
      • Discover the Advisor
        • Notifications
        • Account
    • Talk to Your Data
      • Conversation
        • Request Topics
          • Entity-Based Conversation
          • Context Memory
          • Autocomplete
        • Request a Data Analysis
        • Disambiguation
    • Explore Your Data
      • Suggestions
      • Topics Overview
      • Filter Topics
      • Ask Topics
      • Past Questions
      • Change Chart
    • Analyze Your Data
      • Automated Insights
      • Insight Analysis
      • Alerts
        • Anomaly Detection
        • Threshold Monitoring
        • Topic Scheduling
      • Forecasting (Beta)
    • Report and Discuss Your Data
      • Export Topic
      • Share Topic
      • Data Storytelling
    • Customize Your Experience
      • Choose Language
      • Choose Theme
    • Crystal on Mobile
      • Siri & Shortcuts
    • Crystal on Microsoft Teams
      • Download Crystal on Teams
  • Crystal Console
    • Configure Crystal
      • Discover the Console
      • Choose Project Settings
      • Prepare Your Data
    • Create Topics
      • Topic Creation: Overview
      • Topic Creation: Connect
        • Supported Data Sources
        • Supported Data Fields
        • Manage Data Sources
        • Tutorials for Specific Data Sources
          • Connect Google Sheets
          • Connect Google BigQuery
          • Build a Web Connector
      • Topic Creation: Configure
        • Objectives and Visualizations
        • Data Binning
        • Configure Custom Entities
        • Configure Key Values
        • Modify Data Table
      • Topic Creation: Filter
      • Topic Creation: Train
      • Topic Creation: Topic Details
      • Topic Creation: Set Permissions
      • Topic Creation: Review and Publish
      • Specifc Visualizations Guides
        • Build a List Table
        • Build a Single Line Chart
        • Build a Multi-Line Chart
        • Build a Ranking Table
      • Topic Creation: Custom Topic Titles
      • Topic Statuses
      • Data Preview
      • Manage Your Entities
    • Manage Users
      • Discover the Users Area
      • Invite Users to Crystal
        • Invite Users Manually
        • Invite Users via Identity Providers
          • Enable the Microsoft Identity Provider
          • Enable the Google Identity Provider
      • Create and Manage Groups
      • Manage Permissions
  • Limitations
    • Limitations on Crystal Advisor
    • Limitations on Crystal Console
  • Support
    • Support on Crystal Advisor
    • Support on Crystal Console
  • Release Notes
    • 2024
      • Crystal Web
        • Crystal Web v2.59
        • Crystal Web v2.58
        • Crystal Web v2.57
        • Crystal Web v2.56
      • Crystal Mobile
        • Crystal Mobile v3.1.7
        • Crystal Mobile v3.1.6
        • Crystal Mobile v3.1.5
        • Crystal Mobile v3.1.4
        • Crystal Mobile v3.1.3
        • Crystal Mobile v3.1.2
        • Crystal Mobile v3.1.1
        • Crystal Mobile v3.1.0
        • Crystal Mobile v3.0.39
        • Crystal Mobile v3.0.38
    • Archive
      • 2023
        • Version 2.55
        • Version 2.54
        • Version 2.53
        • Version 2.52
        • Version 2.51
        • Version 2.50
        • Version 2.49
        • Version 2.48
        • Version 2.47
        • Version 2.46
        • Version 2.45
        • Version 2.44
        • Version 2.42
        • Version 2.41
        • Version 2.40
        • Version 2.39
        • Version 2.38
      • 2022
        • Version 2.37
        • Version 2.35
        • Versions 2.29-2.30
        • Versions 2.27-2.28
        • Version 2.26
        • Versions 2.24-2.25
        • Version 2.23
        • Version 2.22
        • Version 2.21
        • Version 2.20
        • Version 2.19
        • Version 2.18
        • Version 2.17
      • 2021
        • Version 2.15
        • Version 2.14
        • Version 2.13
        • Version 2.12
        • Version 2.11
        • Version 2.10
        • Version 2.9
        • Version 2.8
        • Version 2.7
        • Version 2.6
        • Version 2.5
        • Version 2.4
        • Version 2.3
        • Version 2.2
        • Version 2.1
Powered by GitBook
On this page
  • Step 1 - Create and configure a service account
  • Step 2 - Create and configure the OAuth client ID
  • Step 3 - Configure the new IDP in the Crystal Console

Was this helpful?

  1. Crystal Console
  2. Manage Users
  3. Invite Users to Crystal
  4. Invite Users via Identity Providers

Enable the Google Identity Provider

This page describes how to enable the Google IDP for the Login.

PreviousEnable the Microsoft Identity ProviderNextCreate and Manage Groups

Last updated 1 year ago

Was this helpful?

To let Member Users log in to Crystal with their Google credentials, the Admin User must first setup Google as an Identity Provider.

To do so, as an Admin, you must follow a process that involves both Google Cloud Platform and Crystal.

Please follow through this tutorial.

Please Note

Step 1 - Create and configure a service account

First of all, you need to create a Google Service account with the correct privileges and domain-wide delegation.

1a) Create service account

  1. from the top menu, select "Create Credentials" → "Service Account"

  1. choose a name for your service account and skip all the optional steps

Once you’ve done, you should see your new Service Account details.

1b) Configure the service account

In order to make the proper API calls, you need to enable workspace delegation and add a key to the Service Account:

  1. select the Service Account you just created from the list under the “Service Accounts” section

  1. under the details, check the “Enable Google workspace domain wide delegation” checkbox

  1. in the “keys” tab, select "Add key" → "Create a new key"

  1. save the downloaded file to a known location: you’ll be required to upload it later while configuring Crystal

1c) Enable Admin SDK API

In order to be capable of performing API calls to the Google Workspace Admin APIs and retrieve details about Users and Groups, you must:

  1. browse APIs from "APIs & Services" → "Dashboard" on the main menu

  1. click on "Enable APIs and services"

  2. search for “Admin SDK”

  1. select Admin SDK API

  1. Enable the API (if it’s not yet enabled)

1d) Enable domain wide delegation

To authorise your Service Account to perform the specific tasks that we need, you must:

  1. go to "Security" → "API controls" (if you don’t see Security click before on “Other”)

  1. scroll down until the domain wide delegation section and select “Manage domain wide delegation”

  1. select “Add new” and fill-in the details. Client ID is your service account client id. You also need to add the following two OAuth scopes:

https://www.googleapis.com/auth/admin.directory.group.readonlyhttps://www.googleapis.com/auth/admin.directory.group.readonlyhttps://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.user.readonlyhttps://www.googleapis.com/auth/admin.directory.user.readonlyhttps://www.googleapis.com/auth/admin.directory.user.readonly

Step 2 - Create and configure the OAuth client ID

To enable the Login with Google feature, you need to create a web application

  1. go again to "APIs & Services" → "Credentials"

  2. click on "+ Create credentials"

  3. select “OAuth client ID”

If you haven’t already, GCP will ask you to configure the consent screen

  1. click on “configure consent screen"

  2. select user type: Internal

  3. click on "Create"

  4. return to "APIs & Services" → "Credentials" and click on "+ Create credentials"

  1. You can now proceed with the OAuth Client ID configuration. Fill the form with descriptive names. The most important thing is to add as Authorized redirect URI the crystal oauth2 redirect url

https://tenant−name.crystal.ai/login−manager/login/google/completehttps://{tenant-name}.crystal.{ai}/login-manager/login/google/completehttps://tenant−name.crystal.ai/login−manager/login/google/complete

Replace {tenant-name} with the name of the domain you’ve chosen for your Crystal Project

  1. once you’ve created it, save the client id and client secret. You’ll need them to complete the IDP configuration on the crystal console in step3. You can either copy and paste them into a location of your choosing, or download the JSON file.

Step 3 - Configure the new IDP in the Crystal Console

The last step will be performed inside the Crystal Console:

  1. from the Users Tab, under "Identity Provider", select "Add new IDP"

  1. select Google Workspace as connection type

  1. Fill-in the required fields with the correct values and upload the secret account key you downloaded in Step 1b

The inboxes refers to the OAuth2 Client (Step 2), the Secret Account key refers to the Service Account (Step 1).

Remember

  • Admin user: the email address of the admin user of your organization

  • Domain: the Google Workspace main domain of you organization

  • Client ID: the client id you copied in Step 2 (OAuth2 client ID)

  • Redirect URI: the redirect uri configured in Step 2 (OAuth2 client ID)

  • Secret value: the client secret you copied in Step 2 (OAuth2 client ID)

Here’s an example of correct fields:


Identity Providers can also be used to .

login into your . Be sure to select the correct project or create a dedicated one for Crystal

Select "APIs & Services", then

go to "API and Services" →

login into

If the connection succeeds, you’ll be capable to from Google Workspace and enable the Login via Google credentials for them (and to easily create ).

create new Groups
Google Cloud Platform
"Credentials"
"Credentials"
https://admin.google.com
invite Users
new groups
Login with Google IDP