Google Workspace configuration for Google login on EasyHour

In order to integrate your company domain powered by Google Workspace / G Suite with EasyHour the only required action is selecting "Google Workspace" as the login type. However, this will only load basic profile information (name, surname, e-mail); to load more fields like company branch (Floor), job title (Job title) and department (Department) a domain administrator will have to perform further actions on Google Workspace admin panel.

Once Google login is set up, employees will be able to log in on EasyHour with no need to create any account in advance. User authentication will happen on Google servers using their mail credentials.

Preliminary EasyHour configuration

First of all, you need to set the login type. In Company > Employees > Login Configuration select "Google Workspace".

In the "Domain" field enter the company domain, e.g. if your corporate e-mail is name.surname@company.com then enter company.com as the domain. The domain will be used to identify your employees, so in this case only users with an @company.com account will be able to log into EasyHour.

Click the "Save" button.

Google Workspace configuration for profile info

This configuration is only needed to load full profile info (company branch, job title, department).

Log in as administrator on Google Workspace console then perform the following actions:

  1. Apps > Google Workspace Marketplace apps > Apps list
  2. Add app to admin install list
  3. Search for "easyhour" (or click on direct link)
  4. Press "Admin install"
  5. Accept license terms and click on "Finish"

Log in as administrator on Google console then perform the following actions:

  1. From the Home page, go to Security  API controls.
  2. Under App access control, click MANAGE THIRD-PARTY APP ACCESS.
  3. Add a filter to find the EasyHour app in the list. Enter "EasyHour" in the Contains field, and click APPLY.
  4. Check the box for EasyHour and click Change access
  5. Choose the Trusted option to allow access to all Google services.
  6. Click CHANGE.

Google Workspace configuration for user sync

This configuration is only needed for user synchronization (creating new users and disabling removed users).

Log in as administrator on Google Workspace console then perform the following actions:

  1. Security > API Controls > Domain-wide Delegation > Add new
  2. Set 109745399458779327918 as Client ID and https://www.googleapis.com/auth/admin.directory.user.readonly as OAuth Scope, then Authorize 
  3. In Account > Admin Roles add a new role User List with permissions Organizational Units > Read and Users > Read
  4. Click on the new role > Admins > Assign Service Account and add the value easyhour-server-to-server@easyhour-app.iam.gserviceaccount.com
  5. Save