Articles in this section

Google Workspace setup

Follow these steps to set up Google Workspace (formerly G Suite) as an OIDC SSO provider for the Tipalti app.

Step 1. Create your OAuth client ID
  1. Sign in to your "Google Cloud Platform Console".
  2. Go to "Credentials".
  3. Click "+ CREATE CREDENTIALS" and select "OAuth client ID" to open the "Create OAuth client ID" screen.
    CredentialsScreen_760x291.png
Step 2. Identify the Tipalti app to Google's OAuth servers
  1. From the "Application type" dropdown, select "Web Application".
  2. In the "Name" field, type:
    • "Tipalti-Sandbox" , if you are setting up the Sandbox app.
    • "Tipalti-Production" , if you are setting up the Production app.
  3. In the "Authorized redirect URIs" section, click "Add URI", and add 2 URIs for each environment. Copy and paste the following URIs.
    • For Sandbox: 
      • https://console2.sandbox.tipalti.com/api/v0/account/authorizesso
      • https://sso.sandbox.tipalti.com/api/authorization/v1/authorizesso
    • For Production:
      • https://hub.tipalti.com/api/v0/account/authorizesso
      • https://sso.tipalti.com/api/authorization/v1/authorizesso
  4. Click "Create" to view the "OAuth client created" dialog.
    CreateOAuthClientID2_760x752.png
Step 3. Send your OIDC SSO credentials to Tipalti

To set up OneLogin as your SSO provider for Tipalti, you'll need to enter your client ID, client secret key, and base URL (sometimes known as 'Issuer URL', 'Callback URL', etc).

You need to copy the OAuth values from Google Workspace, and paste into a secured text password-sharing application (e.g., 1Password, Vault), as you need to provide Tipalti with these values for each application (Sandbox and Production) to complete the setup process.

  1. In the "OAuth client created" dialog, copy the values for "Your Client ID" and "Your Client Secret" and paste into the secured text password-sharing application. (This information is sensitive, so it is blacked out in the image below.)
  2. Click "OK".
    OAuthClientCreatedDialog_760x379.png
  3. On the "Credentials" screen, if you have multiple apps listed in the "OAuth 2.0 Client IDs" section, select the Tipalti app that you added and click the pencil icon or the app name to open the "Client ID for Web application" screen.
    OAuth2.0ClientIDs_760x326.png
  4. Click "DOWNLOAD JSON" .
    ClientIDForWebApplication2_760x488.png
  5. From the JSON file, copy the values for "Client ID", "Client secret" (if you haven't done so in step 3.1) and "Well-known authorization URL", and paste into the secured text password-sharing application.
  6. Send the document to Tipalti to finish the SSO configuration process.
    Once Tipalti confirms that your credentials have been received, destroy the document.