Single Sign-On (SSO) with Google

Enable Live App users to log in with their Google account. This secure authentication method allows users to access your app seamlessly using their existing Google credentials.

Enable Google SSO for Protected Pages in Knack

Google SSO

A Google Project must first be created on the Google Developers Console. Once added, click on the Credentials tab, the "Create Credentials" link, and choose "OAuth Client ID":

Complete the highlighted sections as detailed in the images below, then click "Create":

Enter the information specific to your account in the fields as shown below:

In the Authorized JavaScript origins field, enter:

https://apps.knack.com

Enter your account and app slug in the Authorized redirect URI:

https://apps.knack.com/accountslug/appslug

Example: https://apps.knack.com/ziggy/legalapp

Note: Both URIs must match your login page's URL and share the same domain

A Client ID and Client secret will be generated. Save your changes.

Enable Google SSO for Protected Pages in Knack

Open Page Settings for any protected page
Go to the Access tab
Click "Add Google SSO"
Enter the credentials generated from the Google Console:
- Paste the Client ID
- Paste the Client Secret
- Optional: Add domain restriction
  - This restricts Google SSO access, only allowing users within the specified domain to log in, and preventing users from other domains from logging in.
Check "Enable Google SSO"
Save changes

Once enabled:

Users can sign in with Google credentials
Google SSO can be activated on other protected pages
Sign-up and login options automatically update in the Live App

GoogleSSO3

GoogleSSO4

GoogleSSO5

GoogleSSO6

Note: When users sign in with Google:

Their name and email import automatically from Google
User roles are assigned based on the login page's permissions:
- Single role: User gets that role
- Multiple roles: User receives all roles configured for that page