How to enable Google OAuth login for all users.
CubeBackup administrators/operators can backup or restore data for any users in the Google Workspace domain. However, it is often advantageous, especially in large organizations, to allow users to individually find and recover their own files or messages.
Enable Google OAuth login for CubeBackup
Please follow the instructions below to enable Google OAuth login for all users in your Google Workspace domain:
Step 1. Assign a domain name to the CubeBackup server
Accessing the CubeBackup console via a domain name (not the IP address) is required for Google OAuth login. In most cases, you can assign a subdomain name for the CubeBackup server/VM (e.g. backup.company-name.com).
To point a domain name (e.g. backup.company-name.com) to your CubeBackup server, you need to add an “A” record in the DNS provider’s console to connect the domain name to the IP address of your CubeBackup server.
You can find more information about “A” records at support.google.com/a/answer/2576578/.
To change the DNS settings of your domain, you need to sign into the console of your DNS service provider, such as GoDaddy, Namecheap, or Google Domains. If you do not know the DNS service provider of your domain, or if you do not have credentials/permissions to log into the DNS console, please consult your network administrator.
Step 2. Enable HTTPS/SSL for the CubeBackup web console
After assigning a domain name for the IP address of the CubeBackup server, please enable HTTPS/SSL for your CubeBackup web console.
HTTPS/SSL is natively supported in CubeBackup and is easy to activate for the web console. You can visit How to enable HTTPS for CubeBackup for detailed instructions.
Step 3. Create OAuth client ID
Log in to Google Cloud Platform using the same Google account which was used to create the Google Service account in the initial configuration.
- Make sure that the project created for the Google Service account is the active project in the Google Cloud Platform.
- From the navigation menu, select APIs & Services > Credentials.
- In the Credentials page, click +CREATE CREDENTIALS > OAuth client ID.
- Select Web application from the Application type dropbox, then enter a name (e.g. CubeBackupClient) in the Name text box.
- Add the same URI in the Authorized redirect URIs section.
- Click CREATE.
- In the OAuth client created dialog that pops up, copy the value of Your Client ID and keep it for the next step.
Tip: If you closed dialog pop-up without copying the OAuth client ID, don’t worry, the OAuth client ID can always be found on the APIs & Services > Credentials page.
After the OAuth Client has been created, you should see at least one “OAuth 2.0 Client ID” and one “Service Account” in the Credentials page.
Step 4. Add the created OAuth Client ID to the CubeBackup configuration file
- Log (or SSH) into your backup server.
Open the configuration file config.toml using a text editor.
Starting with version 4.7, the configuration file is located at <installation directory>/etc/config.toml for fresh installations of CubeBackup. For installations upgraded through the console, or versions prior to 4.7, the configuration file is still located at <installation directory>/bin/config.toml.
On Windows, the default installation directory is located at c:\Program Files\CubeBackup4.
On Linux, the default installation directory is located at /opt/cubebackup.
Find the [Web] section and add the following line:
GoogleOAuthClientId = "Your OAuth Client ID"
Here is an example of the [Web] section in the configuration file:
[Web] Bind = ":80" HTTPSEnabled = true GoogleOAuthClientId = "110890958684-0va09v8s4qa8gicn3mijbpucb1bpf3lc.apps.googleusercontent.com"
Restart the CubeBackup service so the changes will take effect.
sudo /opt/cubebackup/bin/cbsrv restart
Enter services.msc in the command line, then in the Services list that pops up, right-click the CubeBackup Service entry, and select Restart.
sudo docker restart <container-name>
Step 5. Share the domain URL of the CubeBackup server to others
Now you can let everyone know the domain URL of the CubeBackup server for your Google Workspace domain, so that users can login to the CubeBackup web dashboard using their Google account.
Tip: Please complete the first few backup cycles of your Google Workspace domain before notifying all users of the domain address of the CubeBackup server. Otherwise, there will be no backup data for the users to see.