Skip to content

Single sign-on (SSO)

Most teams sign in with email and password. When your environment is configured for it, CXGear can also offer Google sign-in (and optionally Apple) so people use an identity they already trust.

SSO here means “sign in with a provider button on the login screen,” not a full corporate SAML directory sync. Enterprise customers who need custom identity providers should talk to CXGear about on-prem and enterprise SSO options.

The login page only shows Continue with Google when Google OAuth is configured on the server (client id, secret, and redirect URL). If those settings are missing, the button is hidden and email/password remains the path.

Your administrator or hosting team enables this — operators do not turn it on from inside the app.

Screenshot needed
Login screen with email/password and a Continue with Google button visible.
Where: Login (Google OAuth configured)
Save as: src/assets/screenshots/32-login-google.png
  1. Open the app login page.
  2. Click Continue with Google (wording may vary slightly).
  3. Choose the Google account and approve access if Google asks.
  4. You return to CXGear already signed in.

CXGear matches the Google account email to a user in your organization (or creates the account when signup-via-OAuth is allowed in your deployment). After a successful Google login, previous sessions for that user are replaced — the same single active session rules apply.

Still managed in CXGearWhy
Roles and permissionsGoogle proves identity; CXGear decides Admin vs Agent
Seats and billingActive users still count on your plan
Project accessOrganization and project rules still apply
Sign outUse CXGear Sign out to revoke the app session

If someone leaves the company, disable their CXGear user (and remove them from Google Workspace if you use it). Do not rely on “they lost the password” alone.

CXGear includes hooks for Sign in with Apple when Apple credentials are configured on the server. In many deployments Apple is not enabled, so the button will not appear.

If you need Apple for iOS-first teams:

  • Ask your administrator whether Apple OAuth is configured
  • Expect the same session rules as password or Google login
  • Prefer a single primary method per team so support stays simple

Until Apple is configured, use email/password or Google.

Enterprise plans may include broader SSO (organization-wide identity, dedicated support). The in-product login buttons cover Google/Apple OAuth when configured. For SAML, OIDC to a corporate IdP, or on-prem identity, contact CXGear — those flows are environment-specific.

  • Google button appears only when configured
  • Clicking it completes login without a separate password step
  • User lands in the app with the correct roles
  • Only one session remains active after OAuth login
SymptomLikely causeWhat to do
No Google buttonOAuth not configuredUse password login; ask admin to enable Google
Redirect error after GoogleMisconfigured redirect URLAdmin checks Google Cloud OAuth settings
“Not allowed” / no accountEmail not in the organizationAdmin invites the user first
Kicked off another deviceSingle-session policyExpected; use Continue here if you need this device