Google Workspace Integration

Shipyard.rs' Google Workspace Integration enables you to grant access to your organization account to all users with an email address from your Workspace domain name.

When enabled, Shipyard.rs accounts will be created on demand as new users log in for the first time, without needing to have used the "Invite User" process to initiate account creation.

How It Works

The Google Workspace Integration relies on Google to authenticate users, using the Oauth2.0 protocol. Once authenticated, the domain name of the user's email address is checked against all Workspace Domain settings enabled for Shipyard.rs organization accounts. If there is a match between domain names, the user is granted access to the Shipyard.rs organization account with the matching domain name.

Hypothetical Example

  1. The "Rust Evangelism Strikeforce" organization creates a Shipyard.rs account and subscribes to the Pro plan.

  2. Separately, the organization uses Google Workspace to host its email for the domain name rust-evangelism-strikeforce.org.

  3. Admin user segfaults_not_even_once@rust-evangelism-strikeforce.org sets the Workspace Domain setting of their Shipyard.rs account to "Enabled" for the domain name rust-evangelism-strikeforce.org.

  4. A junior developer at "Rust Evangelism Strikeforce", borrowck4eva@rust-evangelism-strikeforce.org, visits Shipyard.rs for the first time, clicking the "Login With Google" button to authenticate.

  5. Shipyard.rs servers match the domain name of borrowck4eva@rust-evangelism-strikeforce.org's email address to the Workspace Domain setting of the organization's account, create a new account for the user, and grant access to the registry.

Modifying the Workspace Domain Setting

The Workspace Domain setting can be modified using the Settings page.

First, click the "Edit" button to modify the setting:

Shipyard.rs workspace domain settings page

Click "Edit" to begin modifying the Workspace Domain Setting

Initially, the form will be in the "Disabled" state:

Shipyard.rs workspace domain form (disabled state)

Workspace Domain form in "Disabled" state. Clicking "Save" with the form in this state would disable the Workspace Integration for the account.

To enable the feature, toggle the switch button to "On" and set the domain name to your Google Workspace domain:

Shipyard.rs workspace domain form (enabled state)

Workspace Domain form in "Enabled" state. Clicking "Save" with the form in this state would enable the Workspace Integration feature using the specified domain name.

Finally, click the "Save" button to make the change.

To disable the Google Workspace Integration when it had previously been enabled, perform the same process in reverse, toggling the switch to "Off" position and saving the form in a "Disabled" state.

Login and Account Creation

When the Google Workspace Integration feature is enabled for a given domain, new users may access the organization's Shipyard.rs registry without performing the "Invite User" step to initiate account creation.

To create a new account, go to the Login page, and click the "Login With Google" button:

Shipyard.rs login form

Shipyard.rs Login form. Use the "Login With Google" button to access an organization's account as a Workspace user.

At the Oauth2.0 prompt, authenticate with Google for an email address with the same domain name as the organization's Workspace Domain setting:

Login With Google prompt

Google Oauth2.0 Consent Prompt

New Accounts Given "Read" Role

Accounts created on demand for a new Workspace user will be given the "Read" role. "Read" users can download crates and view crate docs at Shipyard.rs, but cannot publish crates or modify account settings (more about roles). The user's role can later be modified.

Requires Pro

The Google Workspace Integration feature requires a subscription to Shipyard.rs Pro.

Domain Name Limitations

For security reasons, some categories of domain names are not permitted to be used as Workspace Domain values:

  • the domain name is validated to have an ICANN-delegated suffix
  • domain names from public email services (e.g. hotmail.com) are not permitted
  • Google-owned domain names are not permitted
  • only root domain names allowed (no subdomains)
  • domain name must be unique across all Shipyard.rs organization's that have enabled the Google Workspace Integration