Google Sign in usage

Enable users to log into VoIPmonitor GUI using their Google accounts via OAuth 2.0.

Overview

Google Sign-In maps a user's Google email to a VoIPmonitor profile to assign permissions. The matching logic:

Direct Email Match: Username matches the Google email exactly.
Secure Users List: Email found in "Gmail emails" field under user's "Secure users" tab.
Default Fallback: User marked as "Default Google Sign-In email" receives all unmatched logins.

Configuration

Step 1: Create Google OAuth Credentials

Go to Google Cloud Console > APIs & Credentials
Click + CREATE CREDENTIALS → OAuth client ID
Configure:
- Application type: Web application
- Name: e.g., "VoIPmonitor GUI Login"
- Authorized JavaScript origins: Your GUI URL (e.g., https://voipmonitor.example.com)
- Authorized redirect URIs: Same as above (optional but recommended)
Copy the generated Client ID

⚠️ Warning: The Authorized JavaScript origins URL must exactly match your GUI URL, including https://. This is the most common cause of login failures.

Step 2: Configure VoIPmonitor GUI

Navigate to Settings → System Configuration → Authentication:

Option	Value	Description
Enable Google Sign in	Yes	Activates the feature
Google client ID	your-client-id	From Google Cloud Console
Don't display local login form	Yes/No	Hides username/password form (optional)
Don't display Google Sign in button	Yes/No	Temporarily hides Google button (optional)

Step 3: Map Users

Ensure users exist in Settings → Users with one of:

Username matching Google email exactly
Google email added to user's Secure users tab → "Gmail emails" field
One user designated as Default Google Sign-In email (Basic data tab)

Troubleshooting

Problem	Cause	Solution
Blank window after clicking Sign-In	Incorrect "Authorized JavaScript origins" in Google Console	Verify URL matches exactly, including `https://`
Unable to log in or set password	Account configuration issues (common with Cloud Trial)	Create a new user account instead
SSO fails behind reverse proxy (AWS ALB, Nginx)	Proxy terminates SSL, GUI sees HTTP	Add header: `proxy_set_header X-Forwarded-Proto $scheme;`
Redirect loops	Missing protocol header behind proxy	See Nginx for complete proxy configuration

Advanced: Custom Login Scripts

Google Sign-In works with custom login scripts:

VoIPmonitor passes the authenticated email to your script
Script must return JSON per Custom Login API
GUI-defined users take precedence over script-authenticated users

AI Summary for RAG

Summary: Guide for integrating Google Sign-In (OAuth 2.0) with VoIPmonitor GUI. User mapping uses three methods: (1) direct email match, (2) "Secure users" Gmail list, (3) default fallback user. Configuration requires creating OAuth client ID in Google Cloud Console with correct "Authorized JavaScript origins" URL (must match exactly including https://), then enabling in GUI under Settings → System Configuration → Authentication. Common issues: blank window (URL mismatch), SSO failures behind reverse proxy (add X-Forwarded-Proto header).

Keywords: google sign-in, oauth, oauth2, login, authentication, sso, single sign-on, client id, google cloud console, authorized javascript origins, user mapping, secure users, default fallback user, gmail, reverse proxy, X-Forwarded-Proto, AWS ALB, redirect loop, nginx proxy

Key Questions:

How do I enable Google Sign-In for VoIPmonitor GUI?
How do I create an OAuth client ID in Google Cloud Console?
Where do I configure the Google Client ID in VoIPmonitor?
Why do I see a blank window after clicking "Sign in with Google"?
How does VoIPmonitor map a Google email to a user profile?
What are the three methods for mapping Google users to VoIPmonitor profiles?
Can I use Google Sign-In with a custom login script?
What is the "Authorized JavaScript origins" setting and why is it important?
Why does Google Sign-In fail behind a reverse proxy or AWS ALB?
How do I fix redirect loops with Google Sign-In behind Nginx?