This KB is relevant to users on versions 9.0 and above.
Both the front-end and back-end Google OAuth features require a one-time setup on the Google Apps side before they can be used with the Cipafilter:
Then click API reference;
Then, under the API access section, check Enable API access.
A Save changes button will appear at the bottom of the page; click it.
Note: This setting change can take up to 24 hours to take effect.
- Log in to the Google Developers Console via console.developers.google.com. If you cannot access the Developers console by direct link, you can enable the service by navigating to the Apps page in the Admin console and then clicking on Additional Google services.
Turn the Developers Console on from here:
- From the Projects page of the Developers Console, click Create Project. You will be prompted for a project name and ID; enter
Cipafilter OAuth for the name (the ID can be left as the default), then click Create.
- After a moment, you should be directed to the Project Dashboard for the new project (if not, go back to Projects and click on the new project name). On the left-hand side of the screen, click APIs & auth, then APIs.
- Under the Browse APIs section, locate the Admin SDK and Google+ API options, and enable each by clicking the button to the far right of their names (under the Status column). Note: This setting change can take up to 24 hours to take effect.
- On the left-hand side of the screen, under APIs & auth, click Credentials.
- Under the OAuth section, click Create new Client ID.
- Select Web application (if not already selected) and then click Configure consent screen.
- Under Consent screen, enter at the very least your e-mail address and a project name (most of this information is used on the Web prompt the user sees when authenticating from the portal); then click Save.
- You will be returned to the Create Client ID screen; make sure Web application is still selected.
- In the Authorized redirect URIs field, paste the Redirect URIs listed on the Authentication tab of the Content Filtering page.
- Click Create Client ID.
- After a moment, you will see a table of information next to the OAuth section. This information will be used to configure the Cipafilter.
Having completed the initial configuration on the Google side, you should be able to configure the Cipafilter itself:
- In another tab or window, access the Cipafilter Web interface, then navigate to the Content Filtering page, then to the Advanced Configuration tab, and scroll down to Google OAuth Settings.
- Paste the Client ID from the Google Developers Console into the Client ID for Web Application field on the Cipafilter.
- Paste the Client Secret from the Google Developers Console into the Client Secret for Web Application field on the Cipafilter.
- Enter your Google Apps domain name (e.g., yourdomain.com) into the Google Apps Domain field.
- Click Save and Apply.
- On the same page, click Authorize a Google Domain Administrator Account. Note: You must be filtered behind the Cipafilter for this link to work correctly.
- You will be redirected to Google. If prompted to log in, do so. Note: that you must use an account that has administrator access to the Google Apps domain you're configuring. Google will prompt you to allow Cipafilter's OAuth feature to view user and group information the domain; click Accept.
After following all of the steps above, you should be redirected back to the Cipafilter's Content Filtering page, where the Google Access Token field should show OK. At this point, you should be able to select any of the Google OAuth-related features you'd like to use — see those options' respective descriptions for more information.
Please be aware that interface options are subject to change at Google's Discretion.