Here are some learnings on Google SSO set Up


I am very new to Knack and have been prototyping to see if it fits a client's needs. I am using the Custom CRM template as a starting tool to play around with.

I wanted to use Google SSO (client used Gsuite). I used this document and although screens seem to have changed somewhat, I was (surprisingly :-)) able to get in working.

Summary: If you use Gsuite you need to login to google console with the domain admin UID/Password and go to credentials and set up a new OATH 2.0 Client Ids. In the "Authorized JavaScript origins" make sure you change to (as per the document linked above). You then just cut and paste the Application ID and API Key into knack app. In google console under OAuth consent screen, I set user type to internal which seems to limit sign-ups to the knackapp to domain users only ( e.g.

The issue for me was: when the users come to login in the old (non-SSO) login box is still showing which is confusing.

There are instructions here how to turn this off, however, that also turned off the ability to register as a new user as well. Through trial and error I figured out that using the CSS below, turns off the login box but allows the register as a new user:

/* To hide obsolete login box if using Google SSO but leave the Register s new user box */
form.login_form.control {
display: none;

I have it set-up so that new users that register, need approval - this is because the Custom CRM template has two user types: Reps and Mgrs. So when the user registers for the app using Google Sign up it creates a record in the Knack app accounts table, but they still can't log in until the admin assigns them a role. Once this is done the user can login

Right now it doesn't seem to be alerting the admin that a user has requested access but that's probably fixable through some trigger I haven't figured out yet.

Hope this info is of some use to somebody and if there are corrections/better ways of doing this please post



Actually am thinking its easier to download all users from Gsuite admin and upload to knack and pre approve. Then when they go to login using the "Sign-in with Google " button its all pretty seamless for users

Thanks for sharing i've been wondering how the SSO works with Knack for more than a year.