Signed-In Google Meet Bots

Sign in your Google Meet bots to a Google Account

By default the Google Meet bot will join meeting as guest participant.

This can lead to limitations like:

  1. Showing a warning message that the bot may not be who they claim to be
  2. Not able to change avatar image
  3. Not able to join meetings which only allow signed in users.

1\. Unauthenticated Teams bot warning message

(1) Unauthenticated Teams bot warning message.

This warning can be uncomfortable for end users, especially if they don't understand it.
You can avoid this using Signed-in Google Meet bots.

In order to avoid these, Recall supports authenticating your Google Meet bots by providing them a set of configurable credentials before joining a meeting.

πŸ“˜

Bot name not configurable

Since authenticated Google meet bots get their name from the Google account used to authenticate the bot, this overrides the bot_name parameter in Create Bot endpoint.

Setup


1. Create a Google Login Group

A login group stores references to multiple logins(Google accounts). This allows Recall to perform a round robin allocation and avoid hitting concurrency limitations for authenticated accounts.

Use the Create Login Group endpoint to add a login group.

  • name - Allows you to set a name to the login group (for e.g Production Primary)
  • login_mode - Set whether bots using this login group should always login or only if required.

Example curl request:

curl --request POST \
     --url https://api.recall.ai/api/v2/google-login-groups/ \
     --header 'Authorization: ${RECALL_API_KEY}' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "login_mode": "always",
  "name": "Bot Group 1"
}
'

When the bot joins the call, it will use a login(Google account) (will be setup in Step 3) from the login group to authenticate itself.

2. Create a new Google Workspace

The bot uses SSO based authentication and in order to proceed you need to create a new dedicated Google Workspace.

  • You can use any domain, either a new domain that you register for this purpose, or a subdomain of your primary domain. For instance sso.yourcompany.com. You cannot reuse your existing Google Workspace if you already have one. The reason is because this method relies on the organization-wide SSO policy which will break login for all accounts on your existing Google Workspace.
  • You can use email like [email protected] to sign up for the dedicated Google workspace.
  • You must have a paid workspace, it can be on the cheapest (starter) tier. You can start with single user but may need to add more users depending on your concurrent bot usage.

Setup SSO Profile

  1. Create an RSA private key and self-signed certificate. Store these files somewhere safe! They will be needed in later steps
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes
  1. In the Google Workspace admin, Add 3rd party SSO profile for the organization
    1. Check "Set up SSO with third-party provider"
    2. Setup redirect URLs
      1. Sign-in page URL: https://api.recall.ai/api/v1/bot/gmeet-sign-in
      2. Sign-out page URL: https://api.recall.ai/api/v1/bot/gmeet-sign-out
    3. Verification certificate: Upload the cert.pem file created in step 1
    4. Check "Use a domain-specific issuer"Scroll to the bottom and click "Save"

3. Create a Google Login

Now you can start adding logins(Google accounts) to the login group(created in Step 1). Use the Create Login Endpoint to add the first login.

  • group_id - Set this to the id of the login group created in Step 1.
  • sso_v2_workspace_domain - Set this to the domain of the Google workspace created in Step 2
  • sso_v2_private_key - Set this to the private key you generated in Step 2
  • sso_v2_cert - Set this to the cert you generated & uploaded in Step 2
  • email - Set this to the email account you created the Google workspace with (e.g [email protected])
  • is_active - Set this to true to enable this login to be used by the login group.

Note: We recommend calling this endpoint using Postman, Insomnia, or a related tool, as cURL and the request sender in our docs are known to cause issues with PEM strings. Use form-data so you don't have to re-format the strings.

Verify that the login has been successfully created using the Retrieve Google Login Group endpoint. The logins field in response should include the login created above.

4. Verify Bot Join Call

We have successfully setup a login group with an active login(Google account). Use the Create Bot endpoint to send a bot to a test Google Meet call and specify the login group id as google_meet.google_login_group_id parameter in the request. Also specify google_meet.login_required to force the bot to log in, even if it's not required to join the meeting, to ensure the bot uses the credentials to join your test meeting. You don't need to specify this parameter in normal usage.

  1. You should receive the bot's request to join the call
  2. The bot should have the name and profile picture which was setup when creating the new Google Workspace.
  3. Additionally, you can invite the bot's email address (e.g [email protected]) to a Google Meet call. This will ensure the bot automatically joins the call instead of being in the waiting room.

5. Adding more Logins

🚧

Handling high login concurrency

If a login group runs out of enabled (is_active) Google logins (accounts) due to high concurrent usage the affected bots will produce a fatal event with google_meet_login_not_available as the sub code.

This indicates you need to add more Google Logins to the affected login group.

Each login supports roughly 30 concurrent logins, but we recommend you err on the side of caution when deciding on a number of logins to create.

We recommend creating at least 3-4 logins to start, especially if you expect to have multiple bots joining the same call at any point.

To add more logins:

Create a new user in the Google workspace

Add a new user to the Google Workspace. Google has written detailed steps to create a new user in your Google Workspace account.

Create Login in Recall

Use the Create Login Endpoint to add the login in Recall.

  • group_id - Set this to the id of the login group for which this account has been created.
  • sso_v2_workspace_domain - Set this to the domain of the Google workspace created in Step 2
  • sso_v2_private_key - Set this to the private key you generated in Step 2
  • sso_v2_cert - Set this to the cert you generated & uploaded in Step 2
  • email - Set this to the email account you created in above step.

Verify Multiple Logins

To verify that all logins added to a login group work correctly, you can schedule multiple bots (same as the number of logins associated with a login group) to join a test Google Meet call at the same time(use the join_at parameter in the Create Bot request).

πŸ“˜

We recommend to configure all logins(Google accounts) belonging to a login group to have similar properties such as profile picture, account name etc.


Troubleshooting


Check these things if signed-in Google Meet bots are failing to join calls.

Check the language of the bot's Google account preferences

Authenticated bots rely on language-sensitive context to join calls.

To ensure authenticated Google accounts can join calls, make sure the language is set to en-us by navigating to https://myaccount.google.com/personal-info and checking this setting:

Personal info > General preferences for the web > Language ➑️ English (United States)

Other Questions? Check out the Authenticated Bots FAQ.