Hanzo
PlatformHanzo KMSPlatformSSO

Google SSO

Learn how to configure Google SSO for Hanzo KMS.

Using Google SSO on a self-hosted instance of Hanzo KMS requires configuring an OAuth2 application in GCP and registering your instance with it.

Navigate to your project API & Services > Credentials to create a new OAuth2 application.

GCP API services GCP create new OAuth2 application

Create the application. As part of the form, add to Authorized redirect URIs: https://your-domain.com/api/v1/sso/google.

GCP create new OAuth2 application form

Obtain the Client ID and Client Secret for your GCP OAuth2 application.

GCP obtain OAuth2 credentials

Back in your Hanzo KMS instance, make sure to set the following environment variables:

  • CLIENT_ID_GOOGLE_LOGIN: The Client ID of your GCP OAuth2 application.
  • CLIENT_SECRET_GOOGLE_LOGIN: The Client Secret of your GCP OAuth2 application.
  • AUTH_SECRET: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with openssl rand -base64 32.
  • SITE_URL: The URL of your self-hosted instance of Hanzo KMS - should be an absolute URL including the protocol (e.g. https://app.kms.hanzo.ai)

Once added, restart your Hanzo KMS instance and log in with Google

FAQ

It is likely that you have misconfigured your self-hosted instance of Hanzo KMS. You should:

  • Check that you have set the CLIENT_ID_GOOGLE_LOGIN, CLIENT_SECRET_GOOGLE_LOGIN, AUTH_SECRET, and SITE_URL environment variables.
  • Check that the Authorized redirect URI specified in GCP matches the SITE_URL environment variable. For example, if the former is https://app.kms.hanzo.ai/api/v1/sso/google then the latter should be https://app.kms.hanzo.ai.

How is this guide?

Last updated on

SSO Overview

Learn how to log in to Hanzo KMS via SSO protocols.

Google SAML

Learn how to configure Google SAML for Hanzo KMS SSO.

On this page

FAQ