Single sign on with Google Apps
New Tutorial Available
A new tutorial is available here: https://docs.pritunl.com/docs/google
Controlling access to Pritunl on large enterprise deployments can be difficult, requiring either adding users manually or integrating with the API. Single sign-on simplifies access to Pritunl by allowing users to log in with an existing company account, such as their company Google email address. A Pritunl enterprise license is required for single sign-on.
Setup Single Sign-On with Google Apps
Integrating Google Apps with Pritunl is very simple and requires only setting the allowed domains in the single sign-on settings. Authentication servers hosted by Pritunl validate and authenticate a user's Google account with OAuth. Once the user's Google account has been verified, the Pritunl server validates that it belongs to one of the allowed domains for single sign-on. Once validated, a VPN user is created if one does not already exist, and the user is then redirected to a page where they can download their VPN keys.
The single sign-on settings can be found in the server settings in the admin interface. First check the box on the left to enable single sign-on, then enter your Google Apps domain, such as pritunl.com. Multiple domains can be entered, separated by commas. Then select the organization that users who have authenticated with their Google accounts will be added to. It is recommended to create a separate organization for single sign-on to prevent conflicts with existing user accounts.
Once configured, a login-with-Google button will be shown on the login page. Users can click it and authenticate their Google accounts with Pritunl. Once authenticated, they will be directed to download their keys. When the user connects, the Google account is re-authenticated. If the user no longer exists or has been disabled, the user won’t be able to connect to the server.
The Google Apps validation filter can be modified for more detailed control over which users have access and which organization each user is added to. Additional details and instructions for coding custom filters for Google can be found in the Pritunl GitHub repository.
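The allowed-domain check and organization selection described above, sketched as an added example. This is not Pritunl's own filter code: the function names, the domain-to-organization mapping and the sample addresses are assumptions. It matches the domain exactly, so look-alike domains and unlisted subdomains are rejected.

```python
# Added example: hypothetical helper names, not Pritunl's own filter API.

def parse_allowed_domains(setting):
    """Split the comma-separated domains setting into a normalized set."""
    domains = set()
    for item in setting.split(","):
        domain = item.strip().lower().rstrip(".")
        if domain:
            domains.add(domain)
    return domains


def email_domain(email):
    """Return the lowercased domain of an address, or None if malformed."""
    if not isinstance(email, str) or any(c.isspace() for c in email):
        return None
    local, sep, domain = email.rpartition("@")
    # Conservatively reject a missing "@", an empty local part or a second "@".
    if not sep or not local or "@" in local:
        return None
    return domain.lower().rstrip(".") or None


def sso_filter(email, allowed_setting, domain_orgs, default_org):
    """Return (allowed, organization) for an already authenticated account.

    The domain must equal an allowed entry exactly: suffix or substring
    matching would admit look-alike domains and subdomains nobody listed.
    """
    domain = email_domain(email)
    if domain is None or domain not in parse_allowed_domains(allowed_setting):
        return False, None
    return True, domain_orgs.get(domain, default_org)


# Constructed sample configuration (not real settings or accounts).
ALLOWED = "pritunl.com, Example.org"
ORGS = {"example.org": "sso-contractors"}  # assumed per-domain organizations

if __name__ == "__main__":
    for addr in ("alice@pritunl.com", "bob@EXAMPLE.ORG",
                 "eve@notpritunl.com", "eve@pritunl.com.example.net",
                 "eve@vpn.pritunl.com", "pritunl.com"):
        print(addr, sso_filter(addr, ALLOWED, ORGS, "sso-users"))
```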