Skip to main content

Google Workspace Integration

Connect IronWifi to Google Workspace (formerly G Suite) to authenticate WiFi users with their Google accounts, automatically sync users and organizational units, and enable seamless social login on your captive portal.

Features

  • User Synchronization - Import users from Google Workspace
  • Group Synchronization - Sync organizational units and groups
  • Google Authentication - Users authenticate with Google credentials
  • Auto-provisioning - Automatically create users on first login

Prerequisites

  • Google Workspace administrator account
  • IronWifi account with Connector access
  • Google Cloud project (for advanced integrations)

Basic Setup

Enable Google Authentication

For captive portal social login:

  1. Navigate to Captive Portals > your portal
  2. Go to Authentication Providers
  3. Enable Google
  4. Configure OAuth settings (or use IronWifi's default)

User Synchronization

Sync users from Google Workspace:

  1. Navigate to Connectors > Add Connector
  2. Select Google Workspace
  3. Click Authorize
  4. Sign in with Google Workspace admin account
  5. Grant requested permissions
  6. Configure sync settings

Advanced Setup with Custom OAuth

For full control, create your own Google Cloud OAuth app:

Step 1: Create Google Cloud Project

  1. Go to Google Cloud Console
  2. Create a new project
  3. Enable these APIs:
    • Google+ API
    • Admin SDK API
    • People API
  1. Navigate to APIs & Services > OAuth consent screen
  2. Select Internal (for Workspace users only) or External
  3. Enter app information:
    • App name: IronWifi
    • User support email
    • Developer contact
  4. Add scopes:
    • email
    • profile
    • openid

Step 3: Create OAuth Credentials

  1. Go to APIs & Services > Credentials
  2. Click Create Credentials > OAuth client ID
  3. Select Web application
  4. Add authorized redirect URIs from IronWifi
  5. Copy Client ID and Client Secret

Step 4: Configure IronWifi

  1. Navigate to connector settings
  2. Enter your Client ID and Client Secret
  3. Save configuration
  4. Test authentication

Synchronization Options

What Gets Synced

GoogleIronWifi
EmailUsername
NameFull Name
Organizational UnitOrganizational Unit
GroupsGroups
StatusStatus

Sync Settings

SettingDescription
Auto-syncEnable scheduled synchronization
Sync intervalHow often to sync (hourly, daily)
Include suspendedSync suspended Google users
OU filterOnly sync specific organizational units

Manual Sync

Trigger immediate synchronization:

  1. Navigate to the connector
  2. Click Sync Now
  3. Monitor progress
  4. Review results

Authentication Methods

RADIUS with Google Credentials

Enable users to authenticate to WPA-Enterprise using Google credentials:

  1. Configure Google Connector
  2. Enable RADIUS Authentication
  3. Set Authentication Source for users to google
warning

This requires the Google Secure LDAP or Cloud Identity features. Some Google Workspace editions may not support this.

Captive Portal with Google Login

Enable Google social login on splash pages:

  1. Enable Google authentication provider
  2. Add Google domains to Walled Garden: 
    accounts.google.com
    *.googleapis.com
    *.gstatic.com

Restricting Access

By Domain

Only allow users from specific domains:

  1. In connector settings
  2. Set Allowed Domains
  3. Enter your domain(s)

By Organizational Unit

Only sync users from specific OUs:

  1. Configure OU filter
  2. Select OUs to include
  3. Save and sync

By Group

Only allow members of specific groups:

  1. Enable group-based filtering
  2. Select allowed groups
  3. Non-members will be denied

Troubleshooting

Authorization Failed

  • Verify admin credentials
  • Check required API scopes
  • Confirm Workspace admin status

Users Not Syncing

  • Check OU filter settings
  • Verify user status in Google
  • Review sync logs for errors

Authentication Failed

  • Verify user exists in IronWifi
  • Check authentication source setting
  • Confirm Google account is active

Best Practices

  1. Use dedicated admin account for connector authorization
  2. Enable auto-sync to keep users current
  3. Filter by OU to only sync relevant users
  4. Monitor sync logs for failures
  5. Test with single user before bulk operations