[V5.0.3 or later]

Using OpenID Connect with Google

By using OpenID Connect, you can log in to the Developer Portal with Google credentials.

Before you begin

  • You must have administrator access to complete this task.

  • Portal Delegated User Registry must be selected in the API Manager UI. For more information, see Portal Delegated User Registry.

  • You must also have an account with Google.

Important:
  • If the Portal Delegated User Registry is selected for a Catalog, the Developer Portal REST APIs cannot be used to gain access to the content in that Catalog, and portal analytics is disabled. This restriction applies because user management is delegated to the Developer Portal, and consequently the management server can no longer provide user authentication. You also cannot enable two-factor authentication for the Developer Portal.
  • The Portal Delegated User Registry (PDUR) feature is not available in IBM® API Connect Version 2018, because additional user security options are available on the Management server. For a simpler migration process from Version 5 to Version 2018 (when the tooling is available), it is recommended that you do not use PDUR.

About this task

The OpenID Connect module can be used along with Google credentials to enable quicker and easier access to the Developer Portal.

Note: Users can configure two-factor authentication (TFA) within their social provider credentials, such as Google, to add a further level of security. With TFA configured, users log in to the Developer Portal site with a verification code in addition to their user name and password.

Procedure

  1. Obtain the Client ID and Client secret from Google that are needed for OpenID Connect in the Developer Portal:
    1. Log in to the Google developers site, for example https://console.developers.google.com.
    2. Create a project, and then search for and enable the following APIs:
      • Identity toolkit API
      • Google+ API
      Enabling the Google+ API means that actual user names are displayed in the Developer Portal, rather than internal OpenID Connect strings.
    3. From within the Google+ API, create the Client ID credentials for a web application. On the Configure consent screen, enter the Product name that is shown to the user. Set the Authorized Redirect URIs field to https://site_url/openid-connect/google.
      After you have created the Client ID credentials, the Client ID and Client secret are displayed. The Client ID and Client secret are required to enable OpenID Connect in the Developer Portal.
  2. Enable the OpenID Connect module in the Developer Portal:
    1. Log in to the Developer Portal as the administrator.
    2. On the administrator dashboard, click Modules.
    3. In the Modules window, search for and enable the OpenID Connect module, then click Save configuration.
  3. Enable OpenID Connect with Google:
    1. On the administrator dashboard, click Configuration > Web services > OpenID Connect.
    2. In the Enabled OpenID Connect clients section in the OpenID Connect window, select the Google check box.
    3. In the Google section, enter your Google Client ID and Client Secret in the corresponding fields.
    4. Click Save configuration.
      OpenID Connect with Google is enabled, and the Google icon appears on the account login window in the Developer Portal.
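
A pre-flight check for the Authorized Redirect URIs value from step 1.3, written as an added example (not IBM code) on the assumption that Google compares redirect URIs as exact strings. The function names and the portal.example.com host are hypothetical placeholders.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/openid-connect/google"  # callback path from step 1.3 on this page


def expected_redirect_uri(site_url):
    """Build the redirect URI to register for a Developer Portal site URL."""
    parts = urlsplit(site_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("site URL must be an absolute https:// URL")
    if parts.query or parts.fragment or parts.username:
        raise ValueError("site URL must not carry a query, fragment or userinfo")
    # Host names are case-insensitive; the path is kept as typed.
    return f"https://{parts.netloc.lower()}{parts.path.rstrip('/')}{CALLBACK_PATH}"


def check_registered(site_url, registered):
    """Return findings for the Authorized Redirect URIs list (empty = OK)."""
    want = expected_redirect_uri(site_url)
    host = urlsplit(want).hostname
    findings = []
    if want not in registered:
        findings.append(f"missing exact entry: {want}")
    for uri in registered:
        if uri == want:
            continue
        p = urlsplit(uri)
        if p.scheme != "https":
            findings.append(f"not HTTPS: {uri}")
        elif p.hostname == host:
            findings.append(f"same host but not an exact match: {uri}")
    return findings


if __name__ == "__main__":
    # Constructed sample values; portal.example.com is a placeholder host.
    sample = [
        "http://portal.example.com/openid-connect/google",
        "https://portal.example.com/openid-connect/google/",
    ]
    for finding in check_registered("https://portal.example.com", sample):
        print(finding)
```

Run it against the list copied from the Google credentials page before you save the portal configuration; any finding means the login redirect is likely to be rejected or to go to an unintended URL.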

What to do next

On the login window in the Developer Portal, click the Google icon and allow the necessary permissions to enable the use of OpenID Connect.