How to setup Single Sign-On (SSO) with Google Workspace
Note
This feature is only available on Read the Docs for Business.
This how-to guide will provide instructions on how to enable SSO with Google Workspace. If you want more information on this feature, please read Single Sign-On (SSO)
Prerequisites
Organization permissions
To change your Organization’s settings, you need to be an owner of that organization.
You can validate your ownership of the Organization with these steps:
Navigate to the organization management page.
Look at the Owners section on the right menu.
If you’d like to modify this setting and are not an owner, you can ask an existing organization owner to take the actions listed.
Connect your Google account to Read the Docs
In order to enable the Google Workspace integration, you need to connect your Google account to Read the Docs.
The domain attached to your Google account will be used to match users that sign up with a Google account to your organization.
User setup
Using this setup, all users who have access to the configured Google Workspace will automatically join to your organization when they sign up with their Google account. Existing users will not be automatically joined to the organization.
You can still add outside collaborators and manage their access. There are two ways to manage this access:
Enabling SSO
By default, users that sign up with a Google account do not have any permissions over any project. However, you can define which teams users matching your company’s domain email address will auto-join when they sign up.
Navigate to the authorization setting page.
Select Google in the Provider drop-down.
Press Save.
After enabling SSO with Google Workspace, all users with email addresses from your configured Google Workspace domain will be required to signup using their Google account.
Warning
Existing users with email addresses from your configured Google Workspace domain will not be required to link their Google account, but they won’t be automatically joined to your organization.
Configure team for all users to join
You can mark one or many teams that users are automatically joined when they sign up with a matching email address. Configure this option by:
Navigate to the teams management page.
Click the <team name>.
Click Edit team
Enable Auto join users with an organization’s email address to this team.
Click Save
With this enabled,
all users that sign up with their employee@company.com
email will automatically join this team.
These teams can have either read-only or admin permissions over a set of projects.
Revoke user’s access to all the projects
By disabling the Google Workspace account with email employee@company.com
,
you revoke access to all the projects the linked Read the Docs user had access to,
and disable login on Read the Docs completely for that user.
Warning
If the user signed up to Read the Docs previously to enabling SSO with Google Workspace on your organization, they may still have access to their account and projects if they were manually added to a team.
To completely revoke access to a user, remove them from all the teams they are part of.
Warning
If the user was already signed in to Read the Docs when their access was revoked, they may still have access to documentation pages until their session expires. This is three days for the dashboard and documentation pages.
To completely revoke access to a user, remove them from all the teams they are part of.
See also
- How to manage Read the Docs teams
Additional user management options
- Single Sign-On (SSO)
Information about choosing a Single Sign-on approach