Feide login with Google

Google login is used for authentication on services like Google Workspace for Education, Google Classroom, and Google Drive. To access these services, users must sign in with a Google account. Logging in to Feide using Google makes it easier for users to access their services. The user can use the same account regardless of whether they need to log in to a service in Feide or in the Google single sign-on ecosystem. And if the user is using a device, such as a Chromebook, that is already signed in with a Google account, they can easily access Feide services without having to sign in again.

Note

There are some limitations to be aware of when using Google login with Feide.

First, the normal Feide logout flow will not work with Google. When a user logs out of Feide, they will still be logged in to their Google account.

  • If a user is using a Chromebook, Feide will show an information message about how the user can log out of their device to complete the logout process.

  • If a user is using a different device, Feide will redirect the user to the Google logout page to log out of their Google account, and the logout process will end there.

This means that Feide cannot log the user out of other Feide services that support SLO (Single Logout) when the user logs out of Feide. The user will need to log out of those services separately.

Second, if a service requests a reauthentication of the user, Feide will show the login page with a message explaining that Google does not support reauthentication, so the user will need to log in using a different method if applicable. Failing that, the user will need to log out of their Feide account and return to the service to log in again.

And finally, there is no way for Feide to determine whether the user used a second factor when logging in to their Google account. For users requiring strong authentication in Feide, this means that they will need other methods available on the Feide side, and must use one of these when required.

Below are the steps to configure Feide login using Google.

1. Match Google email to Feide user

To be able to authenticate a user in Feide using Google, Feide must match the user logging in using Google to a Feide user in the organization's Feide directory.

To match the user, the email claim from Google containing the email address of the user is used.

Feide will try to match the value of this email claim with the eduPersonPrincipalName and mail attributes in the Feide directory. Either the value must match the eduPersonPrincipalName attribute, or the value must match the mail attribute. In order to match the eduPersonPrincipalName attribute, the value from Google must have the same domain part as the organization’s Feide domain. For example, if the organization has the Feide domain example.org, the email address from Google must have the domain part @example.org for Feide to try to match the eduPersonPrincipalName attribute. If the email address from Google does not have the same domain part as the organization’s Feide domain, it can still match the mail attribute if there is a user in the Feide directory with a matching email address in the mail attribute.

If multiple users match the email address from Google, Feide will not be able to determine which user is logging in and the login will fail. To avoid this, make sure that there is only one user in the Feide directory with a matching email address in either the eduPersonPrincipalName or mail attribute.
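The matching rules above, sketched as a pre-check an administrator could run over a directory export before enabling Google login. This is an added example, not Feide's code; the function names, the case-insensitive comparison, the multi-valued mail attribute and the sample directory are assumptions.

```python
# Added illustration of the matching rules described above; not Feide's code.
# Assumptions: case-insensitive comparison, multi-valued mail, constructed data.

def candidates(email, feide_domain, directory):
    """Return the directory entries that the Google email claim would match."""
    email = email.strip().lower()
    domain = email.rpartition("@")[2]
    matched = []
    for user in directory:
        eppn = user["eduPersonPrincipalName"].lower()
        mails = [m.lower() for m in user.get("mail", [])]
        # eduPersonPrincipalName is only tried when the domain part of the
        # Google address equals the organization's Feide domain.
        eppn_hit = domain == feide_domain.lower() and email == eppn
        if eppn_hit or email in mails:
            matched.append(user)  # a user matching both attributes counts once
    return matched

def resolve(email, feide_domain, directory):
    """Return (user, reason); user is None unless exactly one entry matches."""
    hits = candidates(email, feide_domain, directory)
    if len(hits) == 1:
        return hits[0], "unique match"
    if not hits:
        return None, "no match"
    return None, "ambiguous: " + ", ".join(u["eduPersonPrincipalName"] for u in hits)

def audit(feide_domain, directory):
    """List every address that would make a Google login fail as ambiguous."""
    addresses = set()
    for user in directory:
        addresses.add(user["eduPersonPrincipalName"].lower())
        addresses.update(m.lower() for m in user.get("mail", []))
    return sorted(a for a in addresses
                  if len(candidates(a, feide_domain, directory)) > 1)

# Constructed sample directory for the Feide domain example.org.
DIRECTORY = [
    {"eduPersonPrincipalName": "anna@example.org", "mail": ["anna@example.org"]},
    {"eduPersonPrincipalName": "bob@example.org", "mail": ["bob@school.example"]},
    {"eduPersonPrincipalName": "carl@example.org", "mail": ["anna@example.org"]},
    {"eduPersonPrincipalName": "dina@example.org", "mail": ["shared@school.example"]},
    {"eduPersonPrincipalName": "erik@example.org", "mail": ["shared@school.example"]},
]

if __name__ == "__main__":
    for addr in ("bob@example.org", "bob@school.example", "anna@example.org"):
        print(addr, "->", resolve(addr, "example.org", DIRECTORY)[1])
    print("ambiguous:", audit("example.org", DIRECTORY))
```

Any address that `audit` returns should be cleaned up in the directory first, since a Google login with that address would fail.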

2. Enable Google login in the customer portal

Feide login with Google can be activated in the customer portal. This is done by editing the login methods on the organization tab.

Screenshot of the organization configuration page in the Feide customer portal. The screenshot shows the "Login methods" section. The section contains a button labeled "edit".

Toggle the Google checkbox to enable Google login for the organization. You will also need to provide the Google domain name used by your organization. If you have users in multiple Google domains that need to sign in to Feide, please fill in the primary Google domain, used by the majority of the users. Then contact Feide support to get the additional Google domains added to your Feide configuration.

To save the change, click on Save at the bottom of the page.

It may take up to 10 minutes before login with a Google account is available as an option in the organization's Feide login window.