You are browsing the documentation for version 4.1 of OroCommerce, OroCRM and OroPlatform, which is no longer maintained. Read version 5.1 (the latest LTS version) of the Oro documentation to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

Available in OroCRM Available in OroCommerce

Configure Google Single Sign-On in the Back-Office

Oro application supports Google Single Sign-On. This means that for a user that has the same primary email in the Oro application and Google accounts, it is enough to log-in only once during a session.

Google Side

Create Project

To configure single sign-on on the Google side:

  1. Open Google API Console

  2. Navigate to My Project selector in the top left corner and click Create Project.

    Create a project in the Google API console
  3. Define the Project Name and click Create.

    A new project page

Create Credentials

  1. Click Credentials in the menu on the left and open the Credentials tab.

    The Credentials tab details
  2. Click Create Credentials and select 0Auth client ID.

    A list of available credential options
  3. To create an OAuth client ID, first set a product name on the consent screen.

Oro Application Side

Configure Google Integration

To configure the integration with Google in your OroCRM or OroCommerce application:

  1. Navigate to System > Configuration in the main menu.

  2. In the left panel, click Integrations > Google Settings.

  3. Define the following fields for Google Integration Settings:



Client ID

The Client ID generated in the API console.

Client Secret

The Client Secret generated in the API console.

Google API Key

The API Key generated in the API console. Provide a valid Google API key to activate maps for addresses in the system.

  1. Define the following fields for Google Sign-on:




Check Enable.


Domains is a comma separated list of allowed domains. It limits the list of mailboxes for which single sign-on can be used (e.g., only a domain used specifically by your company). Leave the field empty to set no such limitation.

OAuth 2.0 for email sync

Check Enable.

Global Google integration settings

Log in with Google

When a user gets to the login page of an instance for which single sign-on capability has been enabled, the Login Using Google link is displayed.

The login page with the link to log in via google

If the user is not logged into any Google accounts after the link has been clicked, a usual Google log-in page will appear.

As soon as the user has logged into their Google account, a request to use the account in order to log-in to Oro application is displayed (details defined for the consent screen is used).

Google account page

For now on, for a user logged-in into a Google account, it is enough to click the Login using Google link to get into Oro application.


Note that the email used for the Google account and the primary email of the user in Oro application must be the same.