In order to enable Google Authentication for Aeries, the G Suite for Education Administrator must first set up credentials for Aeries to use in the Google API Console. When using the Google API Console, make sure you are not using your own or another staff member’s account. You should always use an account created specifically for interfacing with services and applications. We recommend creating a user called “Aeries Service” for this purpose.
Note: If you have already created a Google API Console project for Google Integration with Aeries (i.e., student account automation or Google Classroom), you may use that same project and skip to the Configure Consent Screen section below.
Create a New Project
Using your "Aeries Service" account, login to the Google API Console. If this will be your first project, click the Create a project button that displays on the page.
Name Your Project
We suggest naming your project something like "Aeries Integration" or similar so it is easy to identify.
Configure Consent Screen
Select that newly created project from the drop-down if it is not already selected. Click the Credentials node from the left-hand menu if it is not already selected. Now click on the OAuth consent screen tab. When configuring the Consent screen be sure to set the Product Name and Product Logo as shown below, with Aeries and http://www.aeries.com/downloads/images/AeriesA_120.png respectively. If you have public URLs for your privacy policy and/or terms of service, this is a great place to include those as well.
Once the data has been entered, click the Save button to save the changes.
Create New Credentials
You will now create a set of OAuth 2.0 credentials that Aeries will use to communicate with Google to authenticate users. This information will be copied and pasted into Aeries later in the setup.
Click on the Credentials node on the left hand menu if it is not already selected.
Next, click the Create Credentials drop down and select OAuth client ID.
Select Web application, and give your account a recognizable name.
Google Authentication will not work without the proper redirect URIs set up for your new Client ID. It’s very important that Login.aspx, LoginParent.aspx, and Security/OAuth/SendAuthRequest are entered here for all URLs your district will be using.
Google treats the redirect URIs as case-sensitive. So, to be safe, you may wish to create multiple entries for the same URL (e.g., "mydomain.org/Aeries" and "mydomain.org/aeries") to account for different bookmarks and hyperlinks that users may use to access your Aeries instance.
After you have all of your redirect URIs set up, click Create. You will now be displayed your Client ID and Client Secret. Copy this data into a safe location for use later in this setup.
NOTE: Remember to always force SSL and only use HTTPS for your Aeries sites. Running a Student Information System over an unencrypted protocol greatly increases the risk for security breach.