# OAuth authentication OAuth is a secure authentication method that uses an authentication token instead of a password to connect your application to your user account. Using OAuth, resource owners can configure permissions separately for each client requesting access to the same resource and can also modify/revoke the access at any point of time. - [Configuring OpManager with Google](https://www.manageengine.com/network-monitoring/help/oauth-google-config.html#google) - [OAuth Provider Configuration](https://www.manageengine.com/network-monitoring/help/oauth-google-config.html#config) - [Configuration of OAuth with Microsoft](https://manageengine.com/network-monitoring/help/oauth-authentication.html) > To configure OpManager with Google, you need to create or register an application. Moreover, for adding and updating actions authentication by the OAuth provider is required. ## Configuration of OAuth with Google 1. Go to [Google console dashboard.](https://console.cloud.google.com/apis/dashboard) 2. Click **Create project**, to create a new project. ![Configuration of OAuth with Google: Create project in google console dashboard](https://www.manageengine.com/network-monitoring/help/images/oauth-google-1.jpg) 3. Provide a name for the application and click **Create**, it will redirect to the Project home page. ![Configuration of OAuth with Google: Details for new project creation](https://www.manageengine.com/network-monitoring/help/images/oauth-google-2.jpg) 4. Then go to Library and search for the required **API/Services**. Then Enable the API/Services. ![Configuration of OAuth with Google: Enable API/Services](https://www.manageengine.com/network-monitoring/help/images/oauth-google-3.jpg) 5. Go to the OAuth consent screen, select the "External" user type and click **Create**. ![Configuration of OAuth with Google: User type selection - External](https://www.manageengine.com/network-monitoring/help/images/oauth-google-4.jpg) - In App information, provide **App name, User support email, Developer contact information** (Mandatory fields) and other necessary fields and click Save and continue. ![Configuration of OAuth with Google: App information](https://www.manageengine.com/network-monitoring/help/images/oauth-google-5.jpg) - To configure the [Scope](https://www.manageengine.com/network-monitoring/help/oauth-google-config.html#oauthscope), click "Add or Remove Scopes". If any specific scope is not available in the list, go to Library search for the specific API and enable it and then try to add the scope. ![Configuration of OAuth with Google: Scope configuration](https://www.manageengine.com/network-monitoring/help/images/oauth-google-6.jpg) - In the API Library, search for Gmail API & Enable it. ![Configuration of OAuth with Google: Enable Gmail API](https://www.manageengine.com/network-monitoring/help/images/oauth-google-12.jpg) - While adding scope, add and use the scope **"https://mail.google.com"** under Gmail API. - To add users who can authenticate through this application, click the "Add users" button and add the users. ![Configuration of OAuth with Google: Add users for authentication](https://www.manageengine.com/network-monitoring/help/images/oauth-google-7.jpg) - Then click **Save and Continue**, it will show the summary of the created application. 6. After adding the application details, go to **Credentials** and create a new **OAuth client ID**. ![Configuration of OAuth with Google: New OAuth client ID creation](https://www.manageengine.com/network-monitoring/help/images/oauth-google-8.jpg) - Select Application type as "Web application" and provide a name for it. ![Configuration of OAuth with Google: Application type selection - Web application](https://www.manageengine.com/network-monitoring/help/images/oauth-google-9.jpg) - Then add **redirect URL** as "https://www.manageengine.com/itom/OAuthAuthorization.html", and click **Create**. You can copy the Redirect URL from OpManager console -> OAuth provider page as well. ![Configuration of OAuth with Google: Redirect URL addition](https://www.manageengine.com/network-monitoring/help/images/oauth-google-10.jpg) - Once the credentials have been created, **Client ID and Client secret** will be shown in the dialog box. Copy both the values to configure OAuth Provider Settings in OpManager Console ![Configuration of OAuth with Google: Client ID and secret](https://www.manageengine.com/network-monitoring/help/images/client-id.PNG) - Download the **JSON**, in that we can find Authentication URL and Token URL as auth_url and token_url respectively. Copy these values to configure OAuth Provider Settings in OpManager Console ### Recommended Scope for Configuring Mail server with OAuth ![Configuration of OAuth with Google: Recommended scope for mail server configuration](https://www.manageengine.com/network-monitoring/help/images/oauth-google-13.jpg) ## OAuth Provider Configuration After configuring OAuth with Google, open OpManager, 1. Go to **Settings > General Settings > OAuth Provider - Add OAuth Provider** ![Configuration of OAuth with Google: OAuth provider addition](https://www.manageengine.com/network-monitoring/help/images/Oauth-help-1.jpg) 2. Provide the following details, - Profile Name - A unique profile name for each profile. - Description - Description about the OAuth profile. - Authentication Provider - OAuth provider's name - Gogle. - Timeout - Time required to connect with the provider. Range: 10-300 sec. - Client ID and Client Secret - Use the values copied from [Step 6](https://www.manageengine.com/network-monitoring/help/oauth-google-config.html#client-id) of configuring OpManager with Google. - Authentication URL and Token URL - Use the values copied from [Step 6](https://www.manageengine.com/network-monitoring/help/oauth-google-config.html#url) of configuring OpManager with Google. - Scope - Use the values copied from [this step](https://www.manageengine.com/network-monitoring/help/oauth-google-config.html#scope) of configuring OpManager with Google. 3. After providing the above details, save it. You will be redirected to Google Sign in page. Provide Email and Password to Sign in. Then click 'Continue' to provide consent for accessing the application. ![Configuration of OAuth wth Google: Gmail signin page to login](https://www.manageengine.com/network-monitoring/help/images/google-1.png) ![Configuration of OAuth wth Google: Continue option](https://www.manageengine.com/network-monitoring/help/images/google-2.PNG) ![Configuration of OAuth wth Google: Access for the google account to ManageEngine](https://www.manageengine.com/network-monitoring/help/images/google-3.PNG) Note that the Access Token will be generated for the email provided here. So, if this OAuth Provider is selected for Authentication, make sure to use the same email address as username. > **Note:** > > Now that you have successfully added an OAuth Provider, you can select that in Mail Server Settings for OAuth Authentication. ![Configuration of OAuth wth Google: Authentication provider](https://www.manageengine.com/network-monitoring/help/images/google-test-2.png) The status of OAuth Provider settings will be **Inactive** until it is used in the mail server settings. ![Configuration of OAuth wth Google: Inactive OAuth provider](https://www.manageengine.com/network-monitoring/help/images/google-test-1.png) ![Configuration of OAuth wth Google: Active OAuth provider](https://www.manageengine.com/network-monitoring/help/images/google-test-3.png)