MicroStrategy ONE
Integrate OIDC Support with Google
Starting in MicroStrategy ONE (September 2024), you can integrate OpenID Connect (OIDC) support with Google.
Google does not expose an OAuth scope to obtain user groups as part of the OIDC flow. Therefore, MicroStrategy cannot retrieve group information for Google users and cannot map Google groups to MicroStrategy administrator groups.
Create Application
- Sign in to Google Cloud Console.
- Under APIs & Services, click Credentials.
- Click Create Credentials and select OAuth client ID.
- If your application runs on multiple platforms, each platform will need its own client ID.
Create Web OAuth Client ID
- In the Create OAuth client ID dialog, under Application type, select Web application.
- In Name, type an application name.
- Under Authorized redirect URIs, enter the Library URL and add /auth/oidc/login to the end of the URL, as shown below.
  https://env-xxxxxx.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login
- Click Create.
Create iOS OAuth Client ID
- In the Create OAuth client ID dialog, under Application type, choose iOS.
- In Name, type an application name.
- In Bundle ID, enter your application bundle ID.
- Click Create.
Create Android OAuth Client ID
- In the Create OAuth client ID dialog, under Application type, choose Android.
- In Name, type an application name.
- In Package name, type an application package name.
- In SHA-1 certificate fingerprint, enter the SHA-1 certificate fingerprint.
- Expand Advanced Settings and select the checkbox next to Enable custom URI scheme.
- Click Create.
Create Workstation OAuth Client ID
- In the Create OAuth client ID dialog, under Application type, choose Desktop app.
- In Name, type an application name.
- Click Create.
Configure MicroStrategy Library in Workstation
- Open Workstation and connect to the Library environment using standard authentication with an administrator user.
- Right-click on the environment and choose Configure Enterprise Security.
- In Select an identity provider, choose Google Cloud Identity.
Configure Web Client
- In Client ID and Client Secret, enter the values from the client you created in Create Web OAuth Client ID.
- The Library Web URI is generated automatically. Ensure you add this URI to the Authorized redirect URIs in the client you created in Create Web OAuth Client ID.
- In Scopes, enter your required scopes.
- In Additional Parameter, type access_type and offline.
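The following pre-flight check is an added example, not MicroStrategy or Google code. It derives the redirect URI from the Library URL, compares it with the console entries as an exact string, and builds a standard authorization-code request with access_type=offline. The function names, the HTTPS-only rule, the sample scopes and the placeholder client ID are assumptions.

```python
# Added example: pre-flight check for the Web client settings (not MicroStrategy code).
import secrets
from urllib.parse import urlencode, urlsplit

GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
OIDC_LOGIN_PATH = "/auth/oidc/login"  # suffix the page says to append to the Library URL


def library_redirect_uri(library_url):
    """Derive the redirect URI. Assumption: Library is served over HTTPS, as in the sample URL."""
    parts = urlsplit(library_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Library URL must be an absolute https:// URL")
    if parts.query or parts.fragment:
        raise ValueError("Library URL must not carry a query string or fragment")
    return library_url.rstrip("/") + OIDC_LOGIN_PATH


def is_registered(redirect_uri, authorized_uris):
    """Exact string comparison: scheme, case and trailing slash must all match."""
    return redirect_uri in authorized_uris


def authorization_url(client_id, redirect_uri, scopes, state, nonce, extra=None):
    """Build an authorization-code request; `extra` stands in for Additional Parameter."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,  # CSRF protection, checked when the code comes back
        "nonce": nonce,  # binds the ID token to this request
    }
    clash = set(extra or {}) & set(params)
    if clash:
        raise ValueError(f"extra must not override {sorted(clash)}")
    params.update(extra or {})
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params)


if __name__ == "__main__":
    # Constructed sample values; the client ID is a placeholder.
    library = "https://env-xxxxxx.customer.cloud.microstrategy.com/MicroStrategyLibrary"
    registered = [library + "/auth/oidc/login/"]  # stray trailing slash in the console entry
    uri = library_redirect_uri(library)
    print("registered:", is_registered(uri, registered))
    print(authorization_url("CLIENT_ID_PLACEHOLDER", uri, ["openid", "email", "profile"],
                            secrets.token_urlsafe(16), secrets.token_urlsafe(16),
                            {"access_type": "offline"}))
```

With access_type=offline, Google can return a refresh token alongside the access token, so the Client Secret and any stored tokens for this client should be handled as long-lived credentials.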
Configure iOS Client
- In Client ID, enter the value from the client you created in Create iOS OAuth Client ID.
- In Redirect URI Scheme, enter the iOS URL scheme from the iOS client you created in Create iOS OAuth Client ID.
- In Scopes, enter your required scopes.
Configure Android Client
- In Client ID, enter the value from the client you created in Create Android OAuth Client ID.
- In Package Name, enter the Package name from the client you created in Create Android OAuth Client ID.
- In Scopes, enter your required scopes.
Configure Workstation Client
- In Client ID and Client Secret, enter the values from the client you created in Create Workstation OAuth Client ID.
- In Scopes, enter your required scopes.
Enable OIDC Auth Mode for MicroStrategy Library
- Go to the Library Admin page. For example, https://env-xxxxxx.customer.cloud.microstrategy.com/MicroStrategyLibrary/admin.
- In the navigation pane, click Library Server.
- In Authentication Modes, choose OIDC and click Create Trusted Relationship.
- Log in and deselect Standard.
- Click Save.
For more information, see Enable OIDC Authentication for MicroStrategy Library.