YouTrack Server 2023.3 Help

Google Auth Module

This authentication module lets users log in to YouTrack with the email addresses and passwords they manage in Google.

When you enable Google authentication in YouTrack:

  • Your users log in to YouTrack with the credentials they use for their Google accounts.

  • Your YouTrack users have fewer accounts and passwords to remember.

  • New users with Google accounts can create their own accounts in YouTrack.

Enable Google Authentication

To allow users with existing Google accounts to log in to YouTrack, enable the Google authentication module.

This procedure takes place in three steps:

  1. Generate a Redirect URI in YouTrack. When you create an authentication module for Google, YouTrack generates a redirect URI to use with this service. This URI identifies the source of each login request to Google.

  2. Generate a Client ID and Secret in the Google Cloud Platform. Every login request sent from YouTrack to Google includes a unique identifier. The ID and secret you store in the authentication module tell Google that each login request is authorized.

  3. Enable the Auth Module in YouTrack. When you have generated the information YouTrack uses to authenticate with Google, copy the values into YouTrack and enable the module.

Generate a Redirect URI in YouTrack

To get started, open YouTrack and create an authentication module for Google accounts. When you create the authentication module, YouTrack generates a redirect URI to use with the authorization service.

To generate a redirect URI in YouTrack:

  1. From the Administration menu, select Access Management > Auth Modules.

  2. From the New module drop-down list, select Google.

    • The Auth Modules page displays the settings for a new Google authentication module.

    • YouTrack generates a redirect URI for you to use in Google.

    Google auth module settings
  3. Copy the redirect URI as instructed on the page.

  4. Click the link to access the Google Cloud Platform.

Generate a Client ID and Secret in the Google Cloud Platform

  1. Open the Google Cloud Platform and log in with your Google account.

  2. Select or create a project.

  3. From the Navigation menu, select APIs & Services > Credentials.

  4. From the Create credentials menu, select OAuth client ID.

    • The Create OAuth client ID page opens.

  5. For the Application type, select Web application.

    • Additional input fields for defining the client ID are shown.

  6. In the Authorized redirect URIs field, paste the redirect URI you copied from the Auth Module page in Hub.

  7. Click the Create button.

    • Google generates the credentials you need to set up the Hub module and displays them in a pop-up window.

    Google OAuth client created pop-up.

Enable the Auth Module in YouTrack

  1. Copy the client ID from Google and paste it into the Client ID input field in YouTrack.

  2. Copy the client secret from Google and paste it into the Client Secret input field in YouTrack.

  3. Configure the optional settings for the authentication module. For more information, see Optional Settings.

  4. Click the Enable module button.

    • The Google authentication module is enabled.

    • The icon stored in the Button Image setting is added to the login dialog window. Users can click this icon to authenticate with their Google accounts.

    Login dialog with Google

Settings

Field

Description

Type

Displays the name of the application or service that is enabled for third-party authentication in YouTrack.

Name

Stores the name of the authentication module. Use this setting to distinguish this module from other authentication modules in the Auth Modules list.

Button Image

Displays the image used for the button that a user clicks to log in to YouTrack with a Google account.

Authorized redirect URI

Displays the redirect URI that is used to register the connection to YouTrack in Google.

Server URL

Displays the URL of the server to which YouTrack sends a login request when a user logs in with a Google account.

The information displayed below this field helps you configure the authentication module.

Client ID

Stores the identifier Google uses to validate a login request. You generate this value in the Google Cloud Platform when you configure the authorization settings for a web application and enter an authorized redirect URI.

Client Secret

Stores the secret or password used to validate the client ID. You generate this value in the Google Cloud Platform together with the client ID.

Additional Settings

The following options are located at the bottom of the page. Use these settings to manage YouTrack account creation and group membership, and to reduce the loss of processing resources consumed by idle connections.

Option

Description

User creation

Enables creation of YouTrack accounts for unregistered users who log in with an account that is stored in the connected authorization service. YouTrack uses the email address to determine whether the user has an existing account.

Restricted domains and emails

Restricts the creation of user accounts to users with email addresses from the specified domains or specific email addresses. To specify multiple domains or email addresses, enter each value on a new line.

YouTrack recognizes domains with or without the @ sign, which means that you can either specify the domain as @domain.com or simply domain.com.

This option is only active when you enable the User creation option.

If a user attempts to log in with a JetBrains Account that does not match the specified domain, then:

  1. YouTrack will not let the user log in and will show a relevant error message.

  2. YouTrack will not create a new account for the user.

  3. YouTrack will not add this JetBrains Account to the Logins list of an existing user account, if such an account is found in the system.

Auto-join groups

Adds users to a group when they log in with an account that is stored in the connected authorization service. You can select one or more groups. New users that auto-join a group inherit all the permissions assigned to this group.

We recommend that you add users to at least one group. Otherwise, a new user is only granted the permissions that are currently assigned to the All Users group.

Connection timeout

Sets the period of time to wait to establish a connection to the authorization service. The default setting is 5000 milliseconds (5 seconds).

Read timeout

Sets the period of time to wait to read and retrieve user profile data from the authorization service. The default setting is 5000 milliseconds (5 seconds).

Audit

Links to the Audit Events page in YouTrack. There, you can view a list of changes that were applied to this authentication module.

Last modified: 22 March 2024