Skip to content

Commit 16ee605

Browse files
peterschmidt85peterschmidt85
authored
Added docs/google.md describing Google SSO (#7)
1 parent f087935 commit 16ee605

File tree

1 file changed

+41
-0
lines changed

1 file changed

+41
-0
lines changed

google.md

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
# dstack Enterprise Google integration
2+
3+
`dstack` Enterprise supports Single Sign-On via [Google](https://developers.google.com/identity/gsi/web/guides/overview). When Google integration is configured, the `dstack` login page will display the **Sign in with Google** button.
4+
5+
After signing in with Google for the first time, a new `dstack` user account is created and linked to the Google account. Subsequently, users can log in to `dstack` using their Google account without entering any `dstack`-specific credentials.
6+
7+
> [!NOTE]
8+
>
9+
> `dstack` automatically links Google accounts to existing `dstack` users instead of creating new users if their emails match. Global admins should assign Google emails to `dstack` users if automatic linking is desirable.
10+
11+
The `dstack` Google integration uses the OAuth 2.0 and OpenID Connect (OIDC) standards.
12+
13+
## Configure the GCP
14+
15+
> [!IMPORTANT]
16+
> While user accounts are managed in Google Workspace, [Google Cloud Platform (GCP) is used](https://developers.google.com/workspace/guides/auth-overview) to register applications that can use those accounts for authentication. This one-time setup in GCP is required to obtain the OAuth 2.0 credentials (**Client ID** and **Client Secret**) for `dstack` Enterprise.
17+
18+
1. [Create a GCP Project](https://developers.google.com/workspace/guides/create-project)
19+
2. [Configure the OAuth Consent Screen](https://developers.google.com/workspace/guides/configure-oauth-consent)
20+
1. In the In the GCP Console, Console, navigate to **APIs & Services > OAuth consent screen**
21+
2. Fill in the required fields (**App name**, **User support email**, etc.).
22+
3. Choose **Internal** as the **User Type**.
23+
3. [Create OAuth 2.0 Credentials](https://developers.google.com/workspace/guides/create-credentials)
24+
1. In the GCP Console, navigate to **APIs & Services > Credentials**
25+
2. Click **Create OAuth Client**
26+
3. For **Application type**, select **Web application**
27+
28+
4. Enter application settings:
29+
* **Name**: dstack Enterprise
30+
* **Authorized redirect URIs**: Add a URI in the format `{DSTACK_SERVER_URL}/auth/google/callback`, e.g., `https://enterprise-example.dstack.ai/auth/google/callback`.
31+
5. Click `Create`.
32+
33+
## Configure Google on the `dstack` server
34+
35+
To enable Google Single Sign-On on the `dstack` server, you need to set the following environment variables:
36+
* `DSTACK_GOOGLE_PROJECT_ID` - your GCP project ID, e.g. `my-dstack-enterprise-project`.
37+
* `DSTACK_GOOGLE_CLIENT_ID` - the **Client ID** of the `dstack` Enterprise application created in the previous step.
38+
* `DSTACK_GOOGLE_CLIENT_SECRET` - the **Client secret** of the `dstack` Enterprise application created in the previous step.
39+
40+
Also ensure that you have the `DSTACK_SERVER_URL` set to an URL of the dstack Enterprise installation,
41+
if it's different from the default `http://localhost:3000`, e.g. `https://enterprise-example.dstack.ai`.

0 commit comments

Comments
 (0)