vSZ/SZ SocialMedia Login Guest Portal Authentication with Google

Ambika-leimapok
Moderator

Summary:

In this article, I am going to explain the configuration steps of Social Login Guest Portal authentication with Google.

Network Environment:  

  • SmartZone/Virtual SmartZone [Essentials/High-Scale] (Controller), version 6.1.1.0.x.
  • R350 (Access Point)

Setup Procedure:

  • In the vSZ/SZ GUI, navigate to ‘Network -> Wireless LANs’ and select ‘Create’.


  • Name the WLAN (in my setup I named it ‘SOCIAL_LOGIN’), and set Authentication Type to "Guest Access" and Method to "Open".


  • Encryption Options is set to 'Open' (but it can be changed based on requirements).

  • Under Guest Access Portal, select 'Social Media Login'
  • In 'Social Media Profile', click the '+' icon to create the profile.

  • Name the social media profile, turn 'ON' the toggle for Google under Social Auth Option, and click the 'here' button.


  • If you click on “here”, you will be redirected to the Google APIs section of your Google account. Log in, accept the terms of service, and click on “+ Create Project”.

  • Enter Project Name and Location and click on Create.

 

  • Once the project has been created, go to the OAuth consent screen, select External, and click Create.

  • Under App information, complete the following steps:
      • For App name, enter the application name.
      • For User support email, select an email address from the list.

 


  • For Developer contact information, enter a valid email address and click SAVE AND CONTINUE.

  • In the Edit app registration > Scopes page, click SAVE AND CONTINUE.
  • In the Edit app registration > Test users page, click SAVE AND CONTINUE.
  • On the OAuth consent screen, click PUBLISH APP.

  • In the Push to production dialog box, click Confirm.

  • Under Publishing status, change the status to In production.

  • Go to the Credentials page and click CREATE CREDENTIALS and select OAuth client ID.

 


  • Click Create. If successful, Google displays the Client ID and Client Secret, as shown in the following figure. 

Ambikaleimapok_16-1663661900905.png

  • The Google Client ID and Google Secret will be filled in automatically once the above steps are performed.

  • Then add these Whitelisted Domains: *.geotrust.com, *.google.com, *.gstatic.com
  • The next step is to create a 'Guest Portal Service' by clicking the '+' icon.

 

 


  • Enter the 'Portal name' and click 'Save' (it can be modified based on requirements).

 


For this example, all other settings including VLAN assignment for end-user devices are set to the default values.

Next, click 'OK'.

With this configuration, you are good to go ahead with Social Media login with Google.

Regards,

Leimapokpam Ambika

Sr.Technical Support Engineer
CWNA | RASZA | RACPA
3 REPLIES

nickzourdos
Contributor

Can someone confirm whether this feature is still broken due to certificate issues? Last I heard a fix was being considered for version 7.1 which will likely not be released until 2024. 

 

I was confused, the INTERNAL authentication to your Google tenant is what is currently broken. This article explicitly specifies EXTERNAL authentication, which is outside our use case. 

Evandro
New Contributor

Hi, what should I consider or allow on the firewall? The client uses Palo Alto. The client says that everything is released for the device/AP/controller, but after inserting the email the device keeps loading and times out. I replicated its settings in my lab and it worked perfectly.

Hi Evandro, if there is no issue observed in the lab environment, which has no firewall, I doubt it would be a network issue. I recommend that you take a pcap on the firewall side and see if there are any traffic drops.

Leimapokpam Ambika
Sr.Technical Support Engineer
CWNA | RASZA | RACPA
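
The following Python script is an added example, not part of the original thread or of any RUCKUS tool. It checks hostnames queried by a guest client before authentication (for instance, DNS names read out of the pcap suggested above) against the three Whitelisted Domains from the article. The sample query lines are constructed, and the `*.` matching rule (one or more subdomain labels, bare domain excluded) is an assumption about how the controller interprets these entries.

```python
# Added example: audit pre-authentication hostnames against the walled garden.
# Assumption: "*.domain" matches any subdomain of domain but not the bare
# domain itself; confirm the behaviour of your controller version.

WALLED_GARDEN = ["*.geotrust.com", "*.google.com", "*.gstatic.com"]

# Constructed sample lines: "<client-ip> <queried-name>"
SAMPLE_DNS_QUERIES = """\
10.0.50.23 accounts.google.com.
10.0.50.23 SSL.gstatic.com
10.0.50.23 google.com
10.0.50.23 login.example.net
10.0.50.23 notgoogle.com
10.0.50.23 www.google.com.example.net
10.0.50.23 accounts.google.com
"""

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def covered_by(hostname, pattern):
    """True if hostname is allowed by one walled-garden entry."""
    host, pat = normalize(hostname), normalize(pattern)
    if pat.startswith("*."):
        suffix = pat[1:]  # ".google.com": the dot stops "notgoogle.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pat

def audit(lines, patterns=WALLED_GARDEN):
    """Return (allowed, blocked) unique hostnames in first-seen order."""
    allowed, blocked, seen = [], [], set()
    for line in lines.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # skip blank or malformed lines
        host = normalize(parts[1])
        if host in seen:
            continue
        seen.add(host)
        hit = any(covered_by(host, p) for p in patterns)
        (allowed if hit else blocked).append(host)
    return allowed, blocked

if __name__ == "__main__":
    ok, dropped = audit(SAMPLE_DNS_QUERIES)
    print("covered by walled garden:", ok)
    print("not covered (would be blocked before login):", dropped)
```

Any name in the second list that the login flow actually needs is a candidate for an additional walled-garden entry or a firewall rule.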