Single sign-on (SSO)
Most teams sign in with email and password. When your environment is configured for it, CXGear can also offer Google sign-in (and optionally Apple) so people use an identity they already trust.
SSO here means “sign in with a provider button on the login screen,” not a full corporate SAML directory sync. Enterprise customers who need custom identity providers should talk to CXGear about on-prem and enterprise SSO options.
When Google appears
Section titled “When Google appears”The login page only shows Continue with Google when Google OAuth is configured on the server (client id, secret, and redirect URL). If those settings are missing, the button is hidden and email/password remains the path.
Your administrator or hosting team enables this — operators do not turn it on from inside the app.
src/assets/screenshots/32-login-google.pngHow Google sign-in works
Section titled “How Google sign-in works”- Open the app login page.
- Click Continue with Google (wording may vary slightly).
- Choose the Google account and approve access if Google asks.
- You return to CXGear already signed in.
CXGear matches the Google account email to a user in your organization (or creates the account when signup-via-OAuth is allowed in your deployment). After a successful Google login, previous sessions for that user are replaced — the same single active session rules apply.
What Google does not replace
Section titled “What Google does not replace”| Still managed in CXGear | Why |
|---|---|
| Roles and permissions | Google proves identity; CXGear decides Admin vs Agent |
| Seats and billing | Active users still count on your plan |
| Project access | Organization and project rules still apply |
| Sign out | Use CXGear Sign out to revoke the app session |
If someone leaves the company, disable their CXGear user (and remove them from Google Workspace if you use it). Do not rely on “they lost the password” alone.
Apple sign-in (note)
Section titled “Apple sign-in (note)”CXGear includes hooks for Sign in with Apple when Apple credentials are configured on the server. In many deployments Apple is not enabled, so the button will not appear.
If you need Apple for iOS-first teams:
- Ask your administrator whether
AppleOAuth is configured - Expect the same session rules as password or Google login
- Prefer a single primary method per team so support stays simple
Until Apple is configured, use email/password or Google.
Enterprise and custom SSO
Section titled “Enterprise and custom SSO”Enterprise plans may include broader SSO (organization-wide identity, dedicated support). The in-product login buttons cover Google/Apple OAuth when configured. For SAML, OIDC to a corporate IdP, or on-prem identity, contact CXGear — those flows are environment-specific.
Success looks like
Section titled “Success looks like”- Google button appears only when configured
- Clicking it completes login without a separate password step
- User lands in the app with the correct roles
- Only one session remains active after OAuth login
Common problems
Section titled “Common problems”| Symptom | Likely cause | What to do |
|---|---|---|
| No Google button | OAuth not configured | Use password login; ask admin to enable Google |
| Redirect error after Google | Misconfigured redirect URL | Admin checks Google Cloud OAuth settings |
| “Not allowed” / no account | Email not in the organization | Admin invites the user first |
| Kicked off another device | Single-session policy | Expected; use Continue here if you need this device |