To improve your own security you can add Google OAuth to Mention Me so that your employees can access Mention Me by logging in with Google. They will no longer need their password and you can manage their authentication from your own Google console.
Account provisioning and the roles for each account are still managed within Mention Me.
We currently support authentication via Google, Okta, Auth0 and Azure AD. If you would like to use an alternative OAuth source please talk to your Client Account Manager.
The Security page in the Edit Brand menu item lets you set up Google OAuth on the Mention Me side.
Feature overview
If desired, Mention Me can perform authentication via Google OAuth, for users that have accounts registered with Google Workspace.
- Clients using Google Workspace can authenticate Mention Me users via Google accounts.
- Users log in to Mention Me by authenticating with their Google account.
- When enabled, Mention Me authenticates users only with Google OAuth (email/password access will cease)
- For users with access to more than one Brand, users will be able to access the platform via any of the login mechanisms for those Brands (either OAuth or email/password as configured)
- Note that: When enabling Google OAuth, only accounts whose email address matches the configured domain will be able to authenticate. All other accounts will lose the ability to log in.
Preliminary requirements
Using Google OAuth requires the following:
-
A Google Workspace account for the organization.
-
A domain controlled by the organization and registered to the Google Workspace account.
- Users with email addresses in the domain associated with the Google account.
Enabling authentication with Google OAuth
Enabling authentication with Google OAuth requires an administrator to perform steps both on the Google side, and on the Mention Me side, as described in the following sections.
Setup on the Google side
The steps for enabling Google OAuth on the Google side are described below. Google’s generic description of these steps is on the Google support page on setting up OAuth 2.0. You can find documentation on the Google Dev Console from the Google Cloud Platform Console Help page.
- Go to the Google Cloud Platform Console.
-
Create a new project
-
Visit APIs & Services > Credentials
-
In the Credentials page, click the down arrow in the Create credentials button, and select OAuth client ID from the drop-down menu.
-
Google requires that you configure an OAuth consent screen, which allows your users to choose how to grant access to their private data and provides a link to your organisation’s terms of service and privacy policy. Click Configure consent screen. (If you have configured OAuth consent for a previous project, you will not see this option, and you can skip this and the next step.)
You can configure this screen for all applications in your project, including both internal and public applications. Google will perform a verification for public applications if any of these are true:
- The application uses Google APIs that use restricted or sensitive scopes.
- The OAuth consent screen includes an application logo.
- The project has exceeded the domain threshold.
When configuring the Mention Me side for Google OAuth, you have the option to limit access to specific domains.
Mention Me requires only the default scopes, so no additional scope configuration is required.
Mention Me does require an entry in the Authorised domains field. Enter the domain of the URL to Mention Me
mention-me.com
. -
Configure your OAuth consent screen and click Save.
-
Under Application type, select Web application:
Google displays the rest of the Create OAuth client ID page.
-
In the Name field, enter a name for your OAuth client ID.
-
In the Authorized JavaScript origins field, enter the URL to Mention Me,
https://mention-me.com
-
In the Authorized redirect URIs field, enter the URL found in the steps on the Mention Me side below. For example (where xxxx will be specific to your account): https://mention-me.com/oauth/google/client/redirect/xxxx
-
Click Create.
Google displays your client ID and your client secret.
-
Copy your client ID and your client secret values — you will need them to configure Mention Me below.
-
Click OK.
Setup on the Mention Me side
The steps for enabling Google OAuth on the Mention Me side are below.
-
From the Mention Me platform, while logged in as an administrator, go to Settings & Brands and then Merchant Settings
-
Under the Security group, find the Single Sign On configuration section.
-
Choose Google from the SSO options (this is currently the only choice)
-
Enter your Google Auth Settings:
- Client ID and Client Secret - Copy and paste these values from the Google OAuth client page, as in the Google setup instructions above.
-
Domains - Your organisation’s Google-managed domain name. Only users with an email address and account with this domain can log in to your Mention Me account.
(We are adding the ability to have multiple domains in the future)
WARNING: Only enter Google domains controlled by your organisation. Entering any other domain could open access to users of a domain you do not control.
When you save changes, your changes will be applied to all users and they will no longer be able to login via their email/passwords.
NOTE: Mention Me has a live and a demo platform. If you want login for your users to work seamlessly across both platforms you'll need to do the steps above in the demo platform as well as the live one.
You can use the same Client ID and Client Secret. You'll need to add two separate redirect URIs.
Tips
-
In Google you can click on Account in the personal drop-down (next to your email address on the top right of a Google Workspace page) to manage your own account.
On that management page there is a Security tab with an Account Permissions section. Clicking on Apps and websites View all lets you (as a user) see and manage the services and apps to which you have granted permissions.
Clicking on the Mention Me permissions that you granted in order to log on shows the details that users see in the consent screen that you customised above. You can also click Revoke access so that the next time you log in to Mention Me you will be re-prompted with the consent screen. You can use this workflow to help you customise your consent screen and view what users will see.
Sample Email for rolling out the change to your users
Hi
- We're switching from using an email/password on the platform to using "Login via Google".
- This applies across both the live and demo platforms of Mention Me.
- It's better for security and easier to administer accounts internally
- It's also more convenient for you - one less password to keep track of
- You'll stop being able to login with your email/password and instead will need to click on a "Login via Google" link at the bottom of the login form on Mention Me
- The first time you click this you'll need to enter your [domain] email address so the platform can identify you
- The second and subsequent times you'll just click it and it should log you in
Disabling Google Auth once it has been enabled
If you’d like to disable Google Authentication for your Mention Me platform after it has already been enabled, just bear in mind that:
- Users can return to using email login and password, but users created since SSO was being used will not know or be sent their passwords. They will need to perform a reset password (or you can trigger it via Mention Me) in order to receive a link to be able to recover their passwords.