Contents:
SENET now supports Single Sign-On (SSO) for both the Central Admin Panel (CAP) and Shell interfaces.
This integration allows your organization to connect SENET to your existing Google Workspace, enabling secure and seamless login for your team members.
Why use SSO
🔐 Stronger security — users only need their corporate credentials, reducing the number of passwords they must remember and lowering the risk of compromised accounts.
⚙️ Simplified access management — manage permissions centrally through your identity provider.
🧠 Better user experience — users need only one corporate account to access all SENET modules they are authorized to use.
📈 Improved compliance and transparency — maintain consistent authentication policies across your organization.
How it works
SENET integrates with your organization’s Google Workspace using a secure OpenID Connect (OIDC) connection.
Once configured, users can log in to SENET using their corporate Google credentials, eliminating the need for separate SENET passwords.
How to set up SSO
If your organization uses Google Workspace, follow the steps below to prepare Google credentials and configure SSO. Our support team will finalize the configuration on the SENET side.
📌 Before starting, request the Redirect URL from the SENET support team — you’ll need it when configuring the Google OAuth client.
Step 1. Prepare Google credentials
Go to Google Cloud Console.
Select your project.
Navigate to API & Services → Credentials → Create Credentials → OAuth client ID.
When prompted, select Application type → Web application.
Enter a name (e.g., SENET SSO).
In the Authorized redirect URIs, add the URL provided by the SENET support team.
Click Create.
Download the generated JSON file, which contains your Client ID and Client Secret, that you’ll need later.
⚠️ Copy the Client Secret now — it will only be shown once here.
Download the JSON file for safekeeping, which contains both the Client ID and Client Secret.
Verify that the Cloud Identity API is active in your Google project. If it appears in your list of Enabled APIs, your project is ready for SSO setup. If it is not listed, click + Enable APIs and services, search for “Cloud Identity API”, and enable it.
Step 2. Check the Redirect URI
Open the OAuth client you created (API & Services → Credentials).
Make sure the Redirect URI matches the one provided by SENET.
Open your OAuth client in API & Services → Credentials → OAuth client ID.
Go to Data Access → Non-sensitive scopes.
-
Make sure the following scopes are listed:
openid…/auth/userinfo.email…/auth/userinfo.profile
⚠️ If any of these scopes are missing, click Add scopes → Update selected scopes, select the ones listed above, and save.
Step 3. Share credentials with SENET
Send the following information to SENET Support via a secure channel:
Client ID
Client Secret
The SENET team will complete the configuration on our side and notify you when Google SSO is ready.
Step 4. Test Google SSO
Open your SENET login page.
Click Sign in with Google.
Enter your corporate Google Workspace credentials.
If the login succeeds, your SSO integration is working correctly.
📌 Users must exist in the organization’s identity provider (Microsoft Entra ID / Azure AD or Google Workspace) before they can log in via SSO. If a user does not exist in the identity provider, SENET cannot create a profile automatically.
First-time login and account linking
When your organization uses Google Workspace, SENET does not create separate passwords or local accounts.
When a user logs in via SSO for the first time, SENET automatically creates a profile in its system using the existing corporate credentials.
The email field is automatically filled in based on your organization’s corporate domain.
Once the profile is created, the user can sign in to SENET through SSO.
If the user’s SENET profile is incomplete, they are redirected to the Complete Registration page.
Access to Shell will be granted only after all required fields are filled in.
Changes in Shell and CAP behavior
Shell login
Only SSO login is available.
Local login methods such as username/password or login by receipt are hidden.
Password reset and profile editing are disabled — credentials are managed through your corporate identity provider.
CAP login
For organizations using an external database, the Reset password option is removed.
In CAP, the Status column shows the account state. Pending means the user has not completed registration or verification.
Security and access confirmation
Actions that previously required entering a password (cash in/out, return receipt, close shift, Z-report) now use a confirmation page, eliminating the need to enter a password.
All authentication and access control are handled through your corporate identity provider, ensuring centralized and secure login.
Need help?
If your users experience login issues, or if your Google credentials (Client Secret, Client ID) change, please get in touch with SENET technical support. Our team will review the integration and update the configuration as needed.
Comments
0 comments
Please sign in to leave a comment.