The Google authentication mechanism allows any user agent (i.e. anybody) to authenticate using their Google account. Google distinguishes user identities by what realm they are logging into. Use the same OpenID realm pattern across different realms to have the realms share the same set of user identities. You will need to sent out an invitation to every user for every realm pattern to ensure users have correct access to every realm. Change the origin of the registration link in the invitation to match the invitation to the realm.

When filling out the New OpenID Manager dialog box, refer to the definitions below of the input boxes and their suggested values.

Term Definition Sample Value
Label Name for the authentication scheme. Google Accounts
OpenID Endpoint URL The URL against which the Google Accounts are authenticated. It is rare that this value will need to change. https://www.google.com/accounts/o8/ud
OpenID Realm Pattern A pattern that represents the part of URL-space for which an OpenID Authentication request is valid. http://*.example.com/
Comment Comment for the authentication scheme used for display at sign in. Sign in with your Google account
Authentication Button The image used for display purposes on the sign-in page.

An OpenID realm pattern is a pattern that represents the part of URL-space for which an OpenID Authentication request is valid. A realm pattern is designed to give the end user an indication of the scope of the authentication request. Google will present the authority portion of the realm pattern when requesting the end user's approval for an authentication request. The realm pattern is used by Google to allow the end user to automate approval of authentication requests for realms of this pattern.

A realm pattern is a URL, with the following changes:

  • A realm MUST NOT contain a URI fragment
  • A realm MAY contain a wild-card at the beginning of the URL authority section. A wild-card consists of the characters "*." prepended to the DNS name in the authority section of the URL.