Google Sign in usage

This guide provides a complete, step-by-step tutorial for enabling users to log into the VoIPmonitor GUI using their Google accounts via the OAuth 2.0 protocol.

Overview: What is Google Sign-In?

Integrating Google Sign-In provides a convenient and secure way for your users to access the VoIPmonitor GUI. Instead of creating and remembering a separate password for VoIPmonitor, they can use their existing, trusted Google account.

The process works by linking a user's Google email address to a user profile inside VoIPmonitor. When a user authenticates with Google, VoIPmonitor uses their email address to find their corresponding profile and apply the correct permissions.

How User Permissions Are Assigned

VoIPmonitor uses the following logic to map a logged-in Google user to a GUI profile:

1. Direct Email Match: First, it checks if a user exists in the GUI whose email is an exact match for the Google email address returned from auth.
2. Secure Users List: If no direct match is found, it checks the "Gmail emails" list under the "Secure users" tab of all user profiles. If a match is found, the permissions of that profile are used. This allows multiple Google accounts to be mapped to a single VoIPmonitor profile.
3. Default Fallback User: If still no match is found, it checks if any user has been designated as the "Default Google Sign-In email" account. If so, all unmatched Google users will inherit the permissions of this default profile.

Part 1: Creating Google OAuth 2.0 Credentials

Before you can enable this feature in VoIPmonitor, you must create your own "OAuth client ID" within the Google Cloud Platform console.

Step 1

Go to the Google Cloud Console

Navigate to console.cloud.google.com/apis/credentials.

Step 2

Create New Credentials

Click + CREATE CREDENTIALS at the top of the page and select OAuth client ID.

Step 3

Configure the OAuth Client ID

• Application type: Select Web application.
• Name: Give it a descriptive name, like "VoIPmonitor GUI Login".
• Authorized JavaScript origins: This is a critical step. You must add the full URL of your VoIPmonitor GUI here. For example, https://voipmonitor.example.com. Note that Google requires these URLs to use HTTPS.
• Authorized redirect URIs: This can often be left blank, but for best practice, you should add the URL of your GUI's login page.

Step 4

Get Your Client ID

After creation, a pop-up will display your Client ID. It will look something like 1234567890-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com. Copy this value; you will need it in the next part.

Step 5

Configure the OAuth Consent Screen

You may be prompted to configure the "OAuth consent screen." This is the page your users will see when they first authorize the application. You only need to fill in the basic required information, such as an application name and user support email.

Part 2: Configuring VoIPmonitor

With your Google Client ID in hand, you can now enable and configure the integration in the GUI.

Step 1

Enable Google Sign-In

Navigate to Settings → System Configuration → Authentication.

Find the option Enable Google Sign in and set it to Yes.

Step 2

Enter Your Client ID

Find the option Google client ID for Google Sign in.

Paste the Client ID you obtained from the Google Cloud Console into this field.

Step 3

(Optional) Hide the Login Button

• If you want to only allow Google login and hide the standard username/password form, you can set Don't display local login form to Yes.
• The Don't display Google Sign in button option allows you to hide the "G" button if you need to temporarily disable the feature without losing your settings.

Step 4

Create User Mappings

Ensure that user accounts exist in Settings → Users with usernames that match the Google email addresses of the users who will be logging in, or use the "Secure users" or "Default" mapping methods described in the overview.

Troubleshooting

Blank Window After Clicking Sign-In

Problem

After clicking the "Sign in with Google" button, a blank window or pop-up appears and nothing happens.

• Cause: This is almost always caused by an incorrect configuration of the Authorized JavaScript origins in your Google Cloud Console credentials.
• Solution: Go back to your OAuth client ID settings in the Google Cloud Console and ensure that the URL you entered exactly matches the URL of your VoIPmonitor GUI, including the https:// prefix.

Unable to Log In or Set Password

Problem

Unable to log in using Google Sign-In and unable to set a password for the existing account.

• Cause: In some cases, particularly with Cloud Trial Portal accounts, the Google Sign-In integration may not work due to configuration issues, and the standard password reset/set password workflow may also fail. This can happen if the invitation email was not received or has expired.
• Solution: Create a new user account instead. The newly created user account will allow you to set a password and gain access to the GUI. This workaround is often faster than debugging the authentication issues with the existing account. For Cloud Trial Portal users, simply register for a new trial with a different email address if necessary.

SSO Fails Behind Reverse Proxy (AWS ALB, Nginx, etc.)

Problem

Google Sign-In fails or causes redirect loops when the VoIPmonitor GUI is accessed through a reverse proxy (e.g., AWS Application Load Balancer) that handles SSL termination. Users may see errors like "too many redirects" or lose their session after authentication.

• Cause: The reverse proxy terminates HTTPS and forwards requests to the backend GUI over HTTP. Without the correct headers, the GUI believes it is running on an insecure protocol and generates HTTP URLs or redirects, breaking the OAuth callback flow.
• Solution: Configure your reverse proxy to pass the original protocol via the X-Forwarded-Proto header. For Nginx, add this to your proxy configuration:

proxy_set_header   X-Forwarded-Proto $scheme;

For AWS ALB, this header is automatically included, but ensure any intermediate proxies pass it through. Also check for any Apache RewriteRule directives that redirect HTTP to HTTPS and modify them to exclude internal proxy traffic. See Nginx for complete configuration details.

Advanced Usage: Custom Login Scripts

The Google Sign-In feature is compatible with custom login scripts.

• When a user authenticates, VoIPmonitor will pass the user's email address to your custom script.
• Your script must then perform its logic and return a JSON structure as described in the Custom Login API documentation.
• Note that users defined directly within the VoIPmonitor GUI will always take precedence over users authenticated via a custom login script.

AI Summary for RAG

Summary: This guide provides a complete tutorial on integrating Google Sign-In with the VoIPmonitor GUI using OAuth 2.0. It explains how the feature works by mapping a user's Google email to an internal GUI user profile to assign permissions, detailing the three matching methods: (1) direct email match, (2) "Secure users" Gmail list, and (3) default fallback user. The guide covers creating an OAuth client ID in Google Cloud Console (with critical "Authorized JavaScript origins" configuration) and configuring the VoIPmonitor GUI under Settings → System Configuration → Authentication. Troubleshooting covers blank login windows (URL mismatch) and account access issues (create new account workaround).

Keywords: google sign-in, oauth, oauth2, login, authentication, google login, sso, single sign-on, client id, google cloud console, authorized javascript origins, user mapping, secure users, default fallback user, gmail, reverse proxy, X-Forwarded-Proto, AWS ALB, redirect loop

Key Questions:

• How do I enable Google Sign-In for VoIPmonitor GUI?
• How do I create an OAuth client ID in Google Cloud Console?
• Where do I configure the Google Client ID in VoIPmonitor?
• Why do I see a blank window after clicking "Sign in with Google"?
• How does VoIPmonitor map a Google email to a user profile?
• What are the three methods for mapping Google users to VoIPmonitor profiles?
• Can I use Google Sign-In with a custom login script?
• What is the "Authorized JavaScript origins" setting and why is it important?
• Why does Google Sign-In fail behind a reverse proxy or AWS ALB?
• How do I fix redirect loops with Google Sign-In behind Nginx?

See Also

• Microsoft_Sign_in_usage - Microsoft Entra ID / Azure AD integration
• 2FA - Two-factor authentication
• WEB_API#Custom_Login - Custom login scripts (LDAP, etc.)
• User_Management - User account management