Temporal WEB UI

Hi all,
I'm trying to configure UI authentication with Google SSO. I can log in to my UI with Google, so can I limit which users (Google accounts) can log in to my UI? This is my config.
By the way, I'm a bit confused about "audience". Please guide me or give me docs for the config, if it really exists.
Thanks all.

AFAIK Google has access control for corporate users; I haven't seen access control management for regular Google accounts. Here are their docs on that: Overview of identity and access management | Identity and access management | Google Cloud

There are OIDC providers that certainly allow limiting authorization to specific users only and also control their permissions, such as Auth0, Okta, or the open source Keycloak. You can still use Google accounts with these providers and receive nice permissions granularity.

Note: please also make sure to read our docs on Temporal server security and authorization. Temporal server (and the authorizer plugin) is the final consumer of the authorization JWT token and should make a decision whether to allow/deny requests: Temporal Server security | Temporal Documentation

I have integrated with Okta and it’s working well.
Thanks for your support.
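
The reply above notes that whatever consumes the JWT makes the final allow/deny decision. As an added example (not from this thread and not Temporal's code), this Go program shows the claim checks such a decision rests on: `aud` (the audience claim) names the recipient the token was issued for, which for a Google ID token is your OAuth client ID, and the account must be on an allow-list. `Policy`, `Authorize` and all sample values are hypothetical, and the token signature is assumed to be verified already.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// IDClaims: claims read from an ID token whose signature is ASSUMED already verified.
type IDClaims struct {
	Issuer, Email, HostedDomain string    // iss, email, hd
	Audience                    []string  // aud
	EmailVerified               bool      // email_verified
	Expiry                      time.Time // exp
}

// Policy is a hypothetical allow-list, not a Temporal configuration structure.
type Policy struct {
	Issuer, ClientID              string
	AllowedEmails, AllowedDomains map[string]bool
}

// Authorize returns nil only if the token targets this client and the account is allowed.
func Authorize(c IDClaims, p Policy, now time.Time) error {
	audOK := false
	for _, a := range c.Audience { // aud must name our own client ID
		audOK = audOK || a == p.ClientID
	}
	switch {
	case c.Issuer != p.Issuer:
		return fmt.Errorf("unexpected issuer %q", c.Issuer)
	case !audOK:
		return fmt.Errorf("token was issued for a different audience")
	case !now.Before(c.Expiry):
		return fmt.Errorf("token expired")
	case !c.EmailVerified:
		return fmt.Errorf("email not verified")
	}
	domainOK := c.HostedDomain != "" && p.AllowedDomains[strings.ToLower(c.HostedDomain)]
	if !p.AllowedEmails[strings.ToLower(c.Email)] && !domainOK {
		return fmt.Errorf("account %q is not on the allow-list", c.Email)
	}
	return nil
}

func main() { // constructed sample values; the client ID is a placeholder
	p := Policy{Issuer: "https://accounts.google.com", ClientID: "CLIENT_ID_PLACEHOLDER", AllowedEmails: map[string]bool{"ops@example.com": true}}
	c := IDClaims{Issuer: p.Issuer, Email: "ops@example.com", Audience: []string{p.ClientID}, EmailVerified: true, Expiry: time.Now().Add(time.Hour)}
	fmt.Println("decision:", Authorize(c, p, time.Now()))
}
```

A regular Google account carries no `hd` claim, so it passes only through the per-email list; a token minted for another client ID is rejected even when the account is listed.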