SSO With Google

This guide provides step-by-step instructions on how to configure single sign-on (SSO) with Google. You already use Google to conveniently manage permissions to applications. After SSO configuration is complete, you’ll also be able to use Google to manage permissions to your Datasources.

Steps #

1. First, enable API access. From the Google Admin console, navigate to the Security tab. Under API reference, enable API access.
2. Navigate to https://console.developers.google.com and click Create Project. On the New Project dialog, set the following:
   1. Project name: Give the project a name.
   2. Organization: Select strongdm.com.
   3. Location: Select strongdm.com.
3. From the APIs & Services menu, select OAuth consent screen. Then select user type Internal and click Create.
4. On the Edit app registration page, set the following (in addition to any required fields):
   1. App name: Enter StrongDM.
   2. Application home page: Enter https://app.strongdm.com.
   3. Authorized domains: Add strongdm.com as the domain.
5. From the APIs & Services menu, select Credentials and then click Create Credentials to create a new OAuth client ID. On the page that opens, set the following:
   1. Application type: Select Web application.
   2. Name: Enter StrongDM.
   3. Authorized JavaScript origins: Enter https://app.strongdm.com as the URI.
   4. Authorized redirect URIs: Enter https://app.strongdm.com/auth/return as the redirect URI.
6. Copy the OAuth client ID and client secret. You will need them in a later step.
7. Next, enter the account details in the StrongDM Admin UI. Go to Settings > User Management. In the Single Sign-on section, set the following:
   1. Provider: Select Google.
   2. Single sign-on URL: Add your URL (https://accounts.google.com).
   3. Client ID: Paste your client ID.
   4. Client Secret: Paste your client secret.
8. Select your desired general SSO settings and click activate.