Admin Google SSO
This Magento 2 module allows you to sign in to your admin user account using your Google account. You can also configure to have admin accounts created automatically when someone logs in with their Google account.
Note: To run this plugin you need to install Google SSO library using following composer command:
php -dmemory_limit=4G /usr/bin/composer require league/oauth2-google
Setting up your OAuth credentials
Visit the Google Developer Console to create your OAuth credentials.
Visit the "Credentials" section Click "Create credentials" Choose "OAuth Client ID" Choose the "Web application" application type. When asked for "Authorized Redirect URIs", enter the URL given below, substituting https://example.com/admin/ with your Magento 2 administrator page.
Redirect URI: https://example.com/admin/google_sso/auth/callback
After you set up your OAuth 2 credentials, login to your Magento backend and navigate to Stores > Configuration > Advanced > Admin > Google SSO.
Change the module's status to "Enabled". Enter the Client ID you created in the Google Developer Console. Enter the Client Secret you created in the Google Developer Console. Click Save
After your configuration saves, clear your store’s cache if necessary. The next time you visit the Magento 2 backend login page, you should see a button to Sign in with Google.
You can enable “Auto Registration” which allows users with access to certain Google accounts to automatically have admin accounts created for them. This is especially useful for agencies who have multiple employees logging into a client’s admin.
You have the following available filter options:
Only allowing specific e-mails Allowing any e-mails in a domain Allowing any e-mails that match a regular expression
Disabling password authentication
You can disable the ability for a user to login to their admin account using a password automatically if they are registered using Google SSO by toggling the setting “Allow Auto-Registered Users To Use Password Login”. This is especially useful if you are in an work environment where when an employee loses their work e-mail, they should no longer be allowed to access client admin accounts.
This can also be toggled on a per-user basis, even if the user was not originally created using the auto-register feature.