Integration Proxmox with G Suite for authentication?

[victorhooi]

Hi,

Does anybody have any experience with integration Proxmox with G Suite (aka Google Apps) for authenticating to the web interface?

How did you achieve this?

(It seems like one way is to get G Suite Enterprise or Cloud Identity, and use the Secure LDAP product. However, I'm curious how people are actually doing this in the field, so I can see some alternatives).

Also - this thread seems to suggest there's still open bugs around Proxmox and LDAP with SSL (LDAPS).

Thanks,
Victor

 

[oguz]

Hi.

You can take a look here for a general idea.

https://pve.proxmox.com/wiki/Two-Factor_Authentication

 

[victorhooi]

@oguz - I think this is actually something different -

This is for adding a extra 2FA to existing username/password login.

However, I'm looking at replacing the username/password with G Suite logins (i.e. SSO). Has anybody done something similar in Proxmox?

 

[LnxBil]

However, I'm looking at replacing the username/password with G Suite logins (i.e. SSO). Has anybody done something similar in Proxmox?

I thought about this. Easiest way would be to use OAUTH2 and get instant authentication with a ton of providers. Another possible method would be SSL client certificates, but I did not had time to research and build a proof of concept for this.

 

[victorhooi]

Interesting - is OAUTH2 authentication available in Proxmox?

All I could find was this discussion thread from March 2018:

https://pve.proxmox.com/pipermail/pve-devel/2018-March/031317.html

but I didn't see if anything became of it?

 

[LnxBil]

Yes, that was my post back in the days. There is no such integration at the moment, yet I'd like it very much.

 

[blindrain]

openid handles this now and exists but I'm still trying to figure out how to use it. https://pve.proxmox.com/wiki/User_Management#pveum_authentication_realms

 

[victorhooi]

@blindrain Did you manage to get Google accounts with OpenID working? Or what issues did you hit?

 

[psyl4n3]

I know this is a bit of a necropost, but this is what I did to use OIDC with Google Workspace.

In Proxmox:

1. Datacenter
2. Permissions
3. Realms
4. Add -> OpenID Connect Server
5. Configure as such (Client ID provided from Google, the Client Key you'll use is named a Client Secret within Google), check default if you'd like.
   

In Google Cloud (not going to go into details on creating the web application/OAuth 2.0 Client IDs etc). In my use case I specify 2 URIs because I also put Traefik in front of Proxmox. If you aren't using a reverse proxy or something similar, using the format like I've used in the second URI will suffice:

1.