Register a Google authorization provider in Token Vault

To register a Google authorization provider for Token Vault, you need to access Token Vault with Token Vault administrator credentials.

This topic describes the second configuration task in the process of setting up an SMTP via LDAP connector and/or the Notification service with Google's Gmail SMTP server to use modern authentication.

Perform this task in Token Vault after you have successfully registered a Google application for Token Vault on the Google Cloud Platform Console portal.

To register a Google authorization provider in Token Vault, perform the following steps.

  1. Launch Token Vault. Enter the Token Vault URL into the address bar of your browser according to your Token Vault configuration in the following format:

    https://<FQDN>:<port>/

    where:

    • FQDN is the fully qualified domain name of the Token Vault machine.

    • port is the value of the HTTPS Port setting configured on the Token Vault Server Settings page, when HTTPS is used.

    For example: https://tokenvaultmachine.testdomain.com:8381.

  2. Log in with your Token Vault administrator credentials in either of the following ways, depending on how your Token Vault Authentication settings are configured:
    • Enter your Windows User name in domain\username format, then enter your Password and click Log in.

    • Log in with your Azure Active Directory user by clicking Sign in with Microsoft.

    The first account to log in to Token Vault automatically receives administrator rights.

  3. Click Manage Authorization Providers on the left.

    The list of already-registered providers is displayed.

  4. Click Register new at the bottom.
  5. Select the Google authorization provider from the list.

    The new Authorization Provider configuration page appears.

    • Token Vault creates the new authorization provider with the default name New Google authorization provider.

      Change the default name according to your needs.

      Authorization Provider names must be unique in Token Vault.

    • Provider ID is a unique and automatically-generated ID.

      This ID must always be sent by the client application (such as the eCopy ShareScan SMTP via LDAP connector or the Notification service) requesting authentication tokens from Token Vault.

    • The Redirect URI is generated automatically from the currently open Token Vault site URI.

      This URI must be configured as an Authorized redirect URI for the Google application registered for Token Vault on the Google Cloud Platform Console portal.

  6. Copy the generated Provider ID for later use.

    It is required for the configuration of the SMTP via LDAP connector and/or the Notification service with Google's Gmail SMTP Server with this Token Vault Authorization Provider.

  7. Enter your Client ID and Client Secret (provided by the Google Cloud Platform Console portal during the application registration task).
  8. In the Scope Sets list, add Gmail to use this authorization provider for the eCopy ShareScan SMTP via LDAP connector profiles and/or the Notification service with Google's Gmail SMTP server and modern authentication. Click Save.
  9. Click Enable under the Authorization Provider to enable it.

    To disable the Authorization Provider for users, click Disable.

  10. Click Edit if you want to modify any properties of the Authorization Provider.

At this point, Token Vault is connected to Google and enabled for users to authorize.