Can you please help or share some articles which would help?
Please note that we referred to Google while setting up the same. However, it was not helpful to set it up with Google groups.
Use case: Enable Pritunl SSO only to a specific group of people (configured in google groups)
Google Workspace doesn’t have the same level of user access controls that traditional single sign-on platforms have. The best option for Google is to create an organization in Pritunl and configure it as the default single sign-on organization. Then leave this organization unattached to any servers. Organizations matching the names of Google groups can then be created and those can be attached to servers. Users not in the groups will not be able to connect to a VPN server.
Verify that the Groups option in the server settings is not set. This is a separate groups mode that requires also configuring user groups to match. This mode should only be used when required and can be enabled by running sudo pritunl set app.sso_google_mode '"groups"'.
That command shouldn’t be used to fix the issue, only to switch to the groups mode. If you are not intending on using the groups mode run sudo pritunl unset app.sso_google_mode. First verify the user is in the correct organization and check the title at the top of the profile page after authenticating which will show the organization name. Then verify this organization is attached to a server. Do not attempt to create the single sign-on user manually, this will create a local type user. The user should be created by the Pritunl server during the single sign-on authentication.
i’m not sure if i’m doing something wrong at Google Apps end or Pritunl but single sign on not working for selected group.Can you help things I need to check at google end also?
I have Google Json private key and email id. Things works fine without group option. But we want to restrict vpn for selected group that we are unable to do.