Zum Hauptinhalt springen
Deutsch
|
English

GOOGLECLIENTID - Detailed description

FM-Portal

IC0000
Administrator
FM-Portal

Overview

Parameters:GOOGLECLIENTID
Category: Login
Default value: string.Empty
Product: eTASK.Login

What does this parameter do?

GOOGLECLIENTID stores the Google OAuth 2.0 client ID for integrating Google Login into the eTASK portal. This parameter allows users to log in with their Google account instead of using separate eTASK credentials. When the parameter is set, a Google login button is automatically displayed on the login page.

What is this parameter used for?

  • Enabling the Google login feature on the login page

  • OAuth 2.0 authentication via Google accounts

  • Single Sign-On (SSO) for users with Google accounts

  • Integration of Google identity services into the eTASK portal

  • Simplifying the login process for organizations using Google Workspace

Technical Details (for Administrators)

Format: Text string (Google OAuth 2.0 Client ID)
Default value: string.Empty (empty)

Valid values:

  • Valid Google OAuth 2.0 Client ID (e.g., "123456789-abcdefghijklmnop.apps.googleusercontent.com")

  • Empty (string.Empty) if no Google login is used

Important notes:

  • The Client ID is generated via the Google Cloud Console for your project

  • If a Client ID is set, a Google login button is automatically displayed on the login page

  • Requires additional configuration in the Google Cloud Console (OAuth consent screen, authorized redirect URIs)

  • The client ID is publicly visible in the HTML meta tag of the login page

  • Google scripts are only loaded if the Client ID is configured

Interaction with other parameters:

  • AZURELOGINACTIVE: Controls the activation of Azure AD login (alternative SSO solution)

  • Other login parameters: Can be configured alongside Google login

When should you change this value?

Set the value (enter the Client ID) if:

  • You want to enable Google login for your eTASK installation

  • Your organization uses Google Workspace and wants to implement SSO

  • You want to offer users an alternative login method

  • A new Google Cloud Console project ID has been created for eTASK

  • The previous Client ID needs to be rotated for security reasons

Leave this field blank (string.Empty) if:

  • No Google login is required

  • Only standard login with eTASK credentials is to be used

  • Other SSO solutions (e.g., Azure AD, SAML) are preferred

  • The Google Cloud Console has not yet been configured

Important Notes

  1. Google Cloud Console configuration required
    The Client ID alone is not sufficient. You must also set up OAuth 2.0 credentials in the Google Cloud Console, configure the OAuth consent screen, and specify authorized redirect URIs for your eTASK domain.

  2. Publicly visible ID
    The client ID is not secret and is visible in the HTML code of the login page. It merely identifies your application to Google but is not a security token.

  3. Automatic UI adaptation
    Once the client ID is set, a Google login button is automatically displayed and the necessary Google scripts are loaded. The user interface adapts dynamically.

  4. Redirect URIs
    In the Google Cloud Console, you must enter the exact redirect URIs for your eTASK installation (e.g., https://ihr-etask-server.de/logon.aspx); otherwise, authentication will fail.

  5. User Identification
    Google users are identified by their email address. This must match the username or email address in the eTASK system.

Security

Does changing this parameter affect security?

Yes, enabling Google Login has a direct impact on authentication security and access to the system.

Positive aspects: * Uses Google’s secure OAuth 2.0 authentication * Reduces the number of passwords users need to manage * Benefits from Google’s security measures (2FA, detection of suspicious login activity) * Centralized user management via Google Workspace is possible

Points to note: * Dependency on Google services—login is not possible if Google services are down (unless alternative login methods are enabled) * The client ID is publicly visible, but this is not a security risk per se * Incorrectly configured redirect URIs can lead to failed logins * Users must exist in the eTASK system and have provided valid email addresses * If the Google account is compromised, access to eTASK is also possible

Data protection assessment: - Forwarding of authentication data to Google (third-party provider) - Google learns when users log in to eTASK - Privacy policy should mention Google login - GDPR compliance ensured by Google Cloud services (EU data protection guarantees)

Recommendation: Enable Google Login only if your organization already uses Google Workspace. Ensure that the Google Cloud Console is configured correctly and thoroughly test the login process. Maintain alternative login methods to ensure reliability.

Practical example

Initial situation: Your organization uses Google Workspace for email and collaboration. Employees are complaining about having too many different passwords. You want to implement single sign-on for eTASK via Google.

Configuration: 1. Google Cloud Console: Create OAuth 2.0 credentials 2. Enter the redirect URI: https://etask.ihr-unternehmen.de/logon.aspx 3. Copy the Client ID: "123456789-abc123def456.apps.googleusercontent.com" 4. GOOGLECLIENTID = "123456789-abc123def456.apps.googleusercontent.com"

After the change:

  • A "Sign in with Google" button automatically appears on the eTASK login page

  • Users click the Google button

  • Redirect to Google; user authenticates with Google account

  • Successful redirection back to eTASK with automatic login

  • No separate eTASK password required

Result: Employees can log in to eTASK using their familiar Google account. The number of passwords to remember is reduced, security benefits from Google’s 2FA mechanisms, and the IT department receives fewer password reset requests.

Alternative scenarios:

Scenario A - Parallel login methods:

  • Google login for regular employees with Google Workspace

  • Standard login as a fallback for external users or emergencies

  • Both methods available simultaneously

Scenario B - Migration to Google Login:

  • Gradual transition: Both methods initially available in parallel

  • User training on the new login procedure

  • Optionally disable standard login after the adjustment period

Recommended setting

For standard installations:string.Empty(empty, no Google login enabled)

Reason:

  • Not every organization uses Google Workspace

  • Requires additional configuration in the Google Cloud Console

  • Standard login is sufficient for most installations

Exceptions (Google Workspace usage):

  • Set GOOGLECLIENTID to your OAuth 2.0 client ID

  • Fully configure the Google Cloud Console

  • Thoroughly test the login process before going live

  • Train users on the new login method

notef5808e74-f92d-4026-b2cf-a479f0a81fb3

Tip: Always keep an alternative login method (standard login) active to ensure continued access to eTASK in case of issues with Google services. Document the Google Cloud Console configuration for future maintenance work.

War dieser Artikel hilfreich?