home

MinistryPlatform

RealmMinistryPlatformPDSACSAccountingGivingConnectShepherdGrowth MethodGo MethodMissionInsiteGatherHeadMaster ChildcareTrust Center
RealmMinistryPlatformPDSACSAccountingGivingConnectShepherdGrowth MethodGo MethodMissionInsiteGatherHeadMaster ChildcareTrust Center

What would you like to know more about?

Show Contents

Show Page Sections

thumbnailMinistryPlatform

External Login Authentication

Google

New Google External Login Authentication

This section covers everything you need to set up your instance of MinistryPlatform so your members can log in through Google.

You can configure MinistryPlatform so your members can create an account or log in to the Platform using their Google account. To set up a Google external login, you need to access to three places:
Important: If you do not have access to your server, coordinate this setup with someone who does.
Tip: It is helpful to be logged in to the Platform and Google's Cloud Platform console at the same time.

Set Up an Existing Google External Login Authentication

Already set up your Google External Login Authentication with Google+ and getting an error message? Relink your account using a new Google account.

  1. In the navigation menu, click Administration > Identity Providers.
  2. Open the Google Identity Provider Record.
  3. Remove the existing Client ID and Client Secret.
  4. Add a new Client ID and Client Secret created using Google's Cloud Platform Console.
  5. Click Save.
    Note: MinistryPlatform only registers identity provider changes with a full appreciation pool reset. This happens overnight, but if you have access to your server, you can reset the app pool.

Create an Identity Provider in the Platform

  1. In the navigation menu, click Administration > Identity Providers.
  2. Select New Identity Provider.
  3. Add a display name.
  4. For Provider Type, select Google.
  5. Add a Client ID.
    Note: You'll replace this during the set up process, so any value is fine.
  6. Click Save.
  7. Copy the Identity Provider Unique ID that is generated when you save. You'll need this later.
    Note: You'll need this value with all uppercase letters. Check out convertcase.net for a handy shortcut.

Create & Configure the Google Identity

  1. Go to the Google Cloud Platform Console.
  2. Select a project or create a new one.
  3. If this is your first time creating a Client ID, configure your consent screen.
    Tip: Use an administrative email. For example, support@[yourchurch].com.
    • Scopes: You are not required to add scopes. If you add scopes, Google may need to approve your app.
    • Test User: Start in testing mode and only test people who can access the app. Before you verify the app, you can only have 100 users. This number is counted over the entire lifetime of the app.
  4. Select Credentials.
  5. Click New Credentials, then select OAuth client ID.
  6. Select Web Application as your application type.
  7. Enter any additional required information required.
  8. Add your URI: Your website URL.
    https://[YOURDOMAIN]/ministryplatform
  9. Add your Authorized Redirect URIs.
    1. Add the Identity Provider Unique ID that was created when you set up the Google Identity Provider in the Platform.
      Remember: You'll need the Identity Provider Unique ID to contain all uppercase characters.
  10. Click Create ID.
    https://[YourDomain]/ministryplatformapi/oauth/callback/[IdentityProviderUniqueID]

Add OAuth Data

  1. In the Credentials page, select the OAuth 2.0 to reach the Client ID for Web Application page.
  2. Copy the Client ID.
  3. Paste the Client ID into the Client ID field on the Google Identity Provider record in the Platform.
  4. Back on the Client ID for Web Application page, copy the Client Secret.
  5. Paste the Client Secret into the Client Secret field on the Google Identity Provider record in the Platform.
  6. While in the Platform, set Is Public to Yes.
  7. Click Save to save the updated Google Identity Provider record.

Recycle the App Pool & Test

  • MinistryPlatform only registers identity provider changes with a full application pool reset.
  • If Setup Admin is set to Yes on your User record, you will have a Restart Auth App button on your user profile. Click that button to make the external authentication option available.
    Tip: Open a window in Incognito mode, and go to the Platform. Go to the Edit User Account screen, select Social Logins and then click Google. Until your app is published, it is only available to Test Users.
  • To confirm you can link your Google account to the Platform, go to the Edit User Account screen, select Social Logins and then select Google. Until you publish your app, it will only be available to Test Users.
    Note: You'll start with Google in testing mode. After you confirm that the Google login works, you'll need to return to the Google Cloud console, go to the OAuth Consent Screen, and click Publish App. Then, you must provide some additional information.