How do you enable Google OAuth login for all users?
Note: Currently, this feature is only available in the V4.5-beta version. If you are using CubeBackup version 4.3.x, you can ignore this post.
CubeBackup administrators/operators can backup or restore data for any users in the G Suite domain. However, it is often advantageous, especially in large organizations, to allow users to individually find and recover their own files or messages.
Enable Google OAuth login for CubeBackup
Please follow the instructions below to enable Google OAuth login for all users in your G Suite domain:
1. Assign a domain name to the CubeBackup server
Accessing the CubeBackup console via a domain name (not the IP address) is required for Google OAuth login. In most cases, you can assign a subdomain name for the CubeBackup server/VM (e.g. backup.company-name.com).
To point a domain name (e.g. backup.company-name.com) to your CubeBackup server, you need to add an “A” record in the DNS provider’s console to connect the domain name to the IP address of your CubeBackup server.
You can find more information about “A” records at support.google.com/a/answer/2576578/.
To change the DNS settings of your domain, you need to sign into the console of your DNS service provider, such as GoDaddy, Namecheap, or Google Domains. If you do not know the DNS service provider of your domain, or if you do not have credentials/permissions to log into the DNS console, please consult your network administrator.
2. Enable HTTPS/SSL for the CubeBackup web console (Optional)
After assigning a domain name for the IP address of the CubeBackup server, it is recommended that you enable HTTPS/SSL for your CubeBackup web console.
HTTPS/SSL is natively supported in CubeBackup and is easy to activate for the web console. You can visit How to enable HTTPS for CubeBackup for detailed instructions.
3. Create OAuth client ID
Log in to Google Cloud Console using the same Google account which was used to create the Google Service account in the initial configuration.
- Make sure that the project created for the Google Service account is the active project in the Google Cloud Console.
- From the navigation menu, select APIs & Services > Credentials.
- In the Credentials page, click +CREATE CREDENTIALS > OAuth Client ID.
- Select Web application from the Application type dropbox, then enter a name (e.g. CubeBackupClient) in the Name text box.
- Click +ADD URI again, and add the HTTPS URI of the CubeBackup server, such as https://backup.company-name.com.
- Add the same URIs in the Authorized redirect URIs section.
- Click CREATE.
- In the OAuth client created dialog that pops up, copy the value of Your Client ID and keep it for the next step.
Tip: If you closed dialog pop-up without copying the OAuth client ID, don’t worry, the OAuth client ID can always be found on the APIs & Services > Credentials page.
After the OAuth Client has been created, you should see at least one “OAuth Client ID” and one “Service Account” in the Credentials page.
4. Add the created OAuth Client ID to the CubeBackup configuration file
- Log (or SSH) into your backup server.
Open the configuration file config.toml using a text editor.
Tip: By default, on Linux, the configuration file is “/opt/cubebackup/bin/config.toml”. On Windows, the configuration file is “c:\Program Files\CubeBackup4\bin\config.toml”.
Find the [Web] section and add the following line:
GoogleOAuthClientId = "Your OAuth Client ID"
Here is an example of the [Web] section in the configuration file:
[Web] Bind = ":80" HTTPSEnabled = true GoogleOAuthClientId = "110890958684-0va09v8s4qa8gicn3mijbpucb1bpf3lc.apps.googleusercontent.com"
Restart the CubeBackup service so the changes will take effect.
sudo /opt/cubebackup/bin/cbsrv restart
Enter services.msc in the command line, then in the Services list that pops up, right-click the CubeBackup Service entry, and select Restart.
sudo docker restart <container-name>
5. Share the domain URL of the CubeBackup server to others
Now you can let everyone know the domain URL of the CubeBackup server for your G Suite domain, so that users can login to the CubeBackup web dashboard using their Google account.
Tip: Please complete the first few backup cycles of your G Suite domain before notifying all users of the domain address of the CubeBackup server. Otherwise, there will be no backup data for the users to see.