Google Single Sign-On
What is it?
Enable Single Sign-On with Google and users can sign in to eHour with their Google account. Users do not have to remember a separate eHour password as they authenticate with their Google account.
Being able to log in with their Google account is convenient for the user. It also adds a layer of security: passwords and the password policy are managed in your Google workspace. Users who have left the company automatically do not have access to eHour anymore.
Single Sign-On first must be enabled in eHour by an admin before users can sign in with their Google account.
How to enable SSO with Google?
To enable Single Sign-On (SSO) with Google:
- As an eHour Admin, click on the gear icon and select Single Sign-On (SSO)
- Select Google as the Identity Provider.
- Set the allowed domain or enter * as a wildcard for all domains.
- Click Enable Google SSO
A Google user and eHour user are matched on email address. Only Google accounts can log in for which an eHour user with the same email address exists.
You can further lock it down by only allowing certain domains to log in. For example, when all users in your workspace belong to the getehour.com domain, set the allowed domain to getehour.com. You can provide multiple domains, separated by a comma. To allow all domains, enter the * wildcard.
How can I sign in with my Google account?
When Single Sign-On is enabled you can use the "Sign with Google" button on the eHour login page. Bookmark https://ehourapp.com/oauth2/authorization/google to bypass the login page.
Disable eHour password login
As an extra security measure, you can configure eHour to allow users to sign in only using their Google account. When enabled, users can no longer sign in to eHour with their eHour password.
To prevent any account lockouts, eHour admins are always allowed to sign in with their eHour password, regardless of whether this is disabled for other users.
Only allow Google accounts by enabling the "Only allow access with a Google account" option.