Articles in this section

Google Workspace setup

Follow these steps to set up Google Workspace (formerly G Suite) as an SSO provider for the Tipalti app.

  1. Sign in to your "Google Cloud Platform Console".
  2. Go to "Credentials".
  3. Click "+ CREATE CREDENTIALS" and select "OAuth client ID" to open the "Create OAuth client ID" screen.

    4. Credentials screen

  1. From the "Application type" dropdown, select "Web Application".
  2. In the "Name" field, type:
    • "Tipalti-Sandbox" , if you are setting up the Sandbox app.
    • "Tipalti-Production" , if you are setting up the Production app.
  3. In the "Authorized redirect URIs" section, click "Add URI", and add 2 URIs for each environment. Copy and paste the following URIs.
    • For Sandbox: 

      • https://console2.sandbox.tipalti.com/api/v0/account/authorizesso

      • https://sso.sandbox.tipalti.com/api/authorization/v1/authorizesso
    • For Production:
      • https://hub.tipalti.com/api/v0/account/authorizesso
      • https://sso.tipalti.com/api/authorization/v1/authorizesso
  4. Click "Create" to view the "OAuth client created" dialog.

    5. Client OAuth client ID screen

You need to copy the OAuth values from Google Workspace, and paste into a secured text password-sharing application (e.g., 1Password, Vault), as you need to provide Tipalti with these values for each application (Sandbox and Production) to complete the setup process.

  1. In the "OAuth client created" dialog, copy the values for "Your Client ID" and "Your Client Secret" and paste into the secured text password-sharing application. (This information is sensitive, so it is blacked out in the image below.)
  2. Click "OK".

    3. OAuth client created dialog

  3. On the "Credentials" screen, if you have multiple apps listed in the "OAuth 2.0 Client IDs" section, select the Tipalti app that you added and click the pencil icon or the app name to open the "Client ID for Web application" screen.

    4. OAuth 2.0 Client IDs section

  4. Click "DOWNLOAD JSON" .

    5. Client ID for Web applications screen

  5. From the JSON file, copy the values for "Client ID", "Client secret" (if you haven't done so in step 3.1) and "Well-known authorization URL", and paste into the secured text password-sharing application.
  6. Send the document to Tipalti to finish the SSO configuration process.

    7. Once Tipalti confirms that your credentials have been received, destroy the document.