Subscribe to Help Center RSS FeedThis article explains how Google Workspace (GWS) administrators can enable seamless, zero-touch authentication for users of the JumpCloud Goâ„¢ extension. This allows users signed in to their Chrome profile to automatically pre-authorize the JumpCloud extension. This removes manual sign in requirements and approval prompts, which reduces onboarding friction and enables faster utilization of SaaS Management.
- This configuration enables immediate browser extension tracking for SaaS Management without requiring initial user sign-in or authentication. It does not replace JumpCloud Go registration or passwordless authentication.
- Users must still register their device to use JumpCloud Go for external authentication (for example the User Portal or SSO applications).
- This feature is limited to managed Chrome browsers and requires JumpCloud Go extension version 1.3.25 or later.
Prerequisites:
- JumpCloud Go must be enabled in your org. See Get Started: JumpCloud Go to learn more.
- JumpCloud Go extension version 1.3.25 or later must be installed in Chrome browsers.
- You must have Google Workspace Super Administrator privileges to complete these steps.
- You’ll need the following JumpCloud Application Details for the configuration:
- Client ID: 296541653484-qlullor7ps6qr2j1rdi7g47e9nlcblvs.apps.googleusercontent.com
- Required OAuth Scopes: openid and https://www.googleapis.com/auth/userinfo.email
Setting Up Domain-Wide Delegation in GWS
You’ll need to configure your Google Workspace account to trust the JumpCloud extension and grant it the necessary permissions to identify your users securely.
To access Domain-Wide Delegation:
- Log in to the Google Workspace Admin console
- In the left menu, go to Security > Access, then data control > API controls.
- In the API controls panel, go to the Domain-wide Delegation section and click MANAGE DOMAIN-WIDE DELEGATION.
To add a new API client:
- At the top of the API clients page, click Add new. The Add a new client ID window appears.
- In the Client ID field, paste the unique numerical Client ID provided in the Prerequisites.
- In the OAuth scopes (comma-delimited) field, you must enter the exact permission scopes that the extension requires. These scopes allow the extension to securely view your users' email addresses for identification purposes and associate users with their personal info on Google.
- Click Authorize.
- The JumpCloud application should now be listed under the Domain-wide Delegation page and configuration is complete.
It may take a few minutes to a few hours for the settings to propagate across your entire Google Workspace organization.
In this Article
Learn More