Single Sign-On with Google

Note: The information in this topic is obsolete. To configure single sign-on with Google, use the OpenID Providers (SM303020) form, as described in Integrating MYOB Advanced with Open ID Identity Providers.
You integrate MYOB Advanced with Google if you want to allow employees of your organization to use their Google accounts to access your MYOB Advanced instance as well as Google services.
Attention: This functionality is available only if the Google and Microsoft SSO feature is enabled on the Enable/Disable Features form.

Requirements

If you plan to use this integration, we strongly recommend that you host your MYOB Advanced instance (or instances) over HTTPS. For more information, see Setting Up an HTTPS Service in Web Server (IIS).

Configuration Steps

The configuration of single sign-on (SSO) with Google for your MYOB Advanced instance consists of the following steps:

  1. You register your MYOB Advanced instance with Google and obtain the OAuth 2.0 credentials, including the client ID and client secret. For details, see To Register an MYOB Advanced Instance with Google.
  2. You enable SSO with Google in your MYOB Advanced instance by using the client ID and client secret you obtained in the previous step, as described in To Enable SSO with Google.
    Tip: You can enable and disable SSO with Google for your MYOB Advanced instance at any time because MYOB Advanced uses SSO with Google only for verifying user identities. Users can still authenticate themselves by using their MYOB Advanced credentials.
  3. Optional: You activate SSO with Google on the Users (SM201010) form for each user who will use his or her Google account for authorization in MYOB Advanced. Alternatively, each user can activate SSO with Google for himself or herself on the User Profile (SM203010) form. For details, see To Activate Your Google or Microsoft Account.
  4. Users of your MYOB Advanced instance associate their MYOB Advanced accounts with their Google accounts. They can do this in either of the following ways:
    • Users click the Associate User button on the User Profile form (for details, see To Activate Your Google or Microsoft Account). The system registers the unique user key associated with the user's Google account with the user's MYOB Advanced account. This way can be used if users activate SSO with Google for their accounts on their own.
    • If the value of the selfAssociate parameter in the externalAuth subsection of the px.core section of the web.config file is true (which is the default value), users click the Google icon () on the Welcome page of MYOB Advanced, and the system suggests that they enter the credentials of an MYOB Advanced user that should be associated with the Google account. This way can be used when you activated SSO with Google for each user.
  5. Optional: You configure your MYOB Advanced instance to automatically redirect users to the Google sign-in page, as described in To Enable Silent Logon.
    Tip: Before you turn on silent logon with Google, ask your users if all of them can sign in to MYOB Advanced with their Google accounts.

User Authentication

After you have integrated MYOB Advanced with Google account, users use SSO with Google services to sign in to MYOB Advanced. By default, each user follows these steps:

  1. On the Welcome page of the MYOB Advanced instance, the user clicks the Google icon () to open the Google sign-in page.
  2. On the sign-in page, the user enters his or her Google account credentials.

To simplify the procedure, you can configure silent logon with Google. For more information, see To Enable Silent Logon.

Attention: If you configured a multicompany instance and selected the Secure Tenant on Login option on the Tenant Setup page (see Managing Tenants Locally), then users with access to several companies, who sign in to MYOB Advanced using single sign-on with an external identity provider, will be logged in to the first company with enabled single sign-on.