Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.rootprint.io/llms.txt

Use this file to discover all available pages before exploring further.

Rootprint supports Google OAuth as an additional sign-in method alongside the default username and password login. Once configured, a “Sign in with Google” button appears on the sign-in page. Users whose Google account email matches one of your allowed domains are automatically provisioned with the user role. If a Google account’s email matches an existing Rootprint account, the two are linked automatically.

Setup

1

Create OAuth credentials in Google Cloud Console

You will need a Google Cloud project. If you do not have one, create it at console.cloud.google.com before continuing.Go to the Google Cloud Console credentials page and create a new credential:
  • Application type: Web application
  • Authorized redirect URI: https://your-rootprint-url/api/auth/callback/google
Replace your-rootprint-url with the public URL of your Rootprint instance. After saving, copy the Client ID and Client Secret — you will need them in the next step.
2

Enter credentials in Rootprint

In Rootprint, go to Settings → Authentication, then click Configure on the Google row. Enter:
  • Client ID — from the Google Cloud Console
  • Client Secret — from the Google Cloud Console
  • Allowed domains — one or more email domains whose users are permitted to sign in (e.g. company.com)
Only users with an email address ending in one of the allowed domains can sign in with Google. For example, adding company.com permits alice@company.com but blocks user@gmail.com. You can add multiple domains if needed.
You can also verify the Callback URL shown in this section matches the redirect URI you registered in Google Cloud Console.
3

Save the configuration

Click Save. The change takes effect immediately — Rootprint reloads its auth configuration in place, so no restart is required. The “Sign in with Google” button appears on the sign-in page right away.
Google auth configuration changes — saving credentials, updating allowed domains, and removing Google auth — all apply live. Allowed domains are evaluated at sign-in time, so editing them takes effect on the next Google sign-in attempt.

Removing Google auth

To disable Google sign-in, open Settings → Authentication, click Configure (or Edit) on the Google row, and click Remove. The change applies immediately and the Google sign-in button disappears from the sign-in page — no restart required.
Rootprint tracks whether each user has a password set. Users who signed in exclusively via Google never had one, so Reset password and self-serve password change are disabled for them. To give a Google-only user password access after disabling Google auth, delete the user from Settings → Users and invite them again — the new invite link prompts them to set a password.