Currently, it’s not possible to add multiple domains when configuring Google SSO in Pritunl-Zero, unlike Pritunl where this feature is supported. A workaround is to configure multiple Google SSO providers for different domains. However, this approach breaks a valuable functionality: ‘Force fast user single sign-on login’.
There’s much better support for multiple authentication provides in Pritunl Zero, you just need to scroll to the bottom and add an additional Google provider or any other provider. Each can have a label indicating which domain and provider it is. With Google it doesn’t matter which label the user selects at the login page, internally the domain is matched to the provider. You can also create two Google providers for each domain with the same label and it will show only one button. The fast login options should also support multiple Google providers with different domains, these would remove the button and immediately redirect the user to Google for authentication.
I have already done so and it is not working as expected: added 2 Google providers with the same Label “Google SSO Login” and different Domains. Enabled Fast single sign-on login and Force fast user single sign-on login and it is still presenting to the user one login button named “Google SSO Login” and not redirecting automatically to Google.
I did check the fast login and there is currently a limitation with that when using 2 Google providers. This may change in the future.
I have developed a fix for this and in the next release the force fast login will work if all providers are Google.
Thanks @zach , is there any date for the next pritunl-zero release?
The release is planned for this week.
I have tested release pritunl-zero v1.0.2887.68 and this feature is still not working for me.
I have 2 SSO providers (Google) with the same Label (Google SSO Login), domain names differ and the rest config is exactly the same. The 3 fast and force options enabled: Fast single sign-on login, Force fast user single sign-on login and Force fast service single sign-on login.
This code was added to Pritunl Cloud but never copied over to Pritunl Zero. It will be included in another release later today.
Thanks, now it is working, but i realized that when enabling it the query params during the login are being lost again (see Query string gets lost in url-redirect - #6 by Latorre)
This should be fixed in the unstable release, it will be moved to stable today.