Shipyard.rs' Google Workspace Integration enables you to grant access to your organization account to all users with an email address from your Workspace domain name.
When enabled, Shipyard.rs accounts will be created on demand as new users log in for the first time, without needing to have used the "Invite User" process to initiate account creation.
The Google Workspace Integration relies on Google to authenticate users, using the Oauth2.0 protocol. Once authenticated, the domain name of the user's email address is checked against all Workspace Domain settings enabled for Shipyard.rs organization accounts. If there is a match between domain names, the user is granted access to the Shipyard.rs organization account with the matching domain name.
The "Rust Evangelism Strikeforce" organization creates a Shipyard.rs account and subscribes to the Pro plan.
Separately, the organization uses Google Workspace to host its email for the domain name rust-evangelism-strikeforce.org.
Admin user email@example.com sets the Workspace Domain setting of their Shipyard.rs account to "Enabled" for the domain name rust-evangelism-strikeforce.org.
A junior developer at "Rust Evangelism Strikeforce", firstname.lastname@example.org, visits Shipyard.rs for the first time, clicking the "Login With Google" button to authenticate.
Shipyard.rs servers match the domain name of email@example.com's email address to the Workspace Domain setting of the organization's account, create a new account for the user, and grant access to the registry.
The Workspace Domain setting can be modified using the Settings page.
First, click the "Edit" button to modify the setting:
Initially, the form will be in the "Disabled" state:
Workspace Domain form in "Disabled" state. Clicking "Save" with the form in this state would disable the Workspace Integration for the account.
To enable the feature, toggle the switch button to "On" and set the domain name to your Google Workspace domain:
Workspace Domain form in "Enabled" state. Clicking "Save" with the form in this state would enable the Workspace Integration feature using the specified domain name.
Finally, click the "Save" button to make the change.
To disable the Google Workspace Integration when it had previously been enabled, perform the same process in reverse, toggling the switch to "Off" position and saving the form in a "Disabled" state.
When the Google Workspace Integration feature is enabled for a given domain, new users may access the organization's Shipyard.rs registry without performing the "Invite User" step to initiate account creation.
To create a new account, go to the Login page, and click the "Login With Google" button:
Shipyard.rs Login form. Use the "Login With Google" button to access an organization's account as a Workspace user.
At the Oauth2.0 prompt, authenticate with Google for an email address with the same domain name as the organization's Workspace Domain setting:
Accounts created on demand for a new Workspace user will be given the "Read" role. "Read" users can download crates and view crate docs at Shipyard.rs, but cannot publish crates or modify account settings (more about roles). The user's role can later be modified.
The Google Workspace Integration feature requires a subscription to Shipyard.rs Pro.
For security reasons, some categories of domain names are not permitted to be used as Workspace Domain values:
- the domain name is validated to have an ICANN-delegated suffix
- domain names from public email services (e.g. hotmail.com) are not permitted
- Google-owned domain names are not permitted
- only root domain names allowed (no subdomains)
- domain name must be unique across all Shipyard.rs organization's that have enabled the Google Workspace Integration