How to Setup Google OAuth for Portainer Remote Access

By

Portainer Business Edition allows you to easily setup authentication using Google OAuth for user logins. This means you can use a Google account to log into your Portainer web interface.

If you can’t get a license for the Business Edition, you can still setup Google OAuth with Portainer Community Edition, but it does require a little more work.

Create Google Developer Project

First, log into your Google Developer’s Account: https://console.developers.google.com/

Go to the following webpage to create a new project:

https://console.cloud.google.com/projectselector2/home/dashboard?authuser=2&organizationId=0&supportedpurview=project

Enter a Project Name and click “Create”
Click on APIs & Services, +Create Credentials, OAuth client ID, Configure Consent Screen, External, Create
Give the app a name, enter a support email, enter developer contact information
Select ‘nothing’ for Scopes
Select ‘nothing’ for Test users
Go back to the Dashboard

Click on Credentials, +Create Credentials, and OAuth Client ID
Set Application Type = Web application
Enter a name, such as “Portainer”
For ‘Authorized JavaScript Origins’, enter: https://portainer.yourdomain.com
For ‘Authorized redirect URIs’, enter: https://portainer.yourdomain.com
Click on Create

The next page will have your Client ID and Client Secret. Save that information. We’ll need to enter it in Portainer.

Click to publish your App

Setup Authentication for Portainer

Next, go to Portainer, Settings, Authentication

Enter the following information:

Client ID (from your Google project)
Client secret (from your Google project)
Authorization URL: https://accounts.google.com/o/oauth2/auth
Access token URL: https://accounts.google.com/o/oauth2/token
Resource URL: https://www.googleapis.com/oauth2/v1/userinfo?alt=json
Redirect URL: https://portainer.yourdomain.com
User identifier: email
Scopes: profile email

Click Save. That’s it. You should now be able to log into your Portainer page using your Google account.


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.