1. Go to the Google Cloud Console and create a project or use an existing one. Then go to APIs & Services, click + CREATE CREDENTIALS, and select OAuth client ID.


  1. Choose "Web application" for the client type

  2. For the Authorized JavaScript origins, enter https://secoda.company.com and http://secoda.company.com

  3. For the Authorized redirect URIs put https://secoda.company.com/auth/realms/secoda/broker/google/endpoint and


  1. Click Save

  2. Save the client ID and secret that are generated


  1. Go to https://secoda.company.com/auth/admin/master/console/#/realms/master, sign in with the username admin and the Keycloak password you added to the onprem.tfvars file, and switch to the Secoda Realm in the top left. Then click on Identity Providers in the left-hand navigation menu of Keycloak.

  1. Click "Add provider..." and select Google

  2. Add your client ID and secret to the input boxes. You may enable Trust Email. Click Save.

  3. Enjoy using Google SSO!
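
A preflight check for the Google side of the steps above, as an added example that is not part of Secoda's or Keycloak's own tooling. It assumes you downloaded the OAuth client JSON from the Google Cloud Console and that your host, realm and provider alias match the values used on this page. The function names and the sample client are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Values taken from the steps above; change them for your deployment.
BASE_URL = "https://secoda.company.com"
REALM = "secoda"
IDP_ALIAS = "google"

def expected_redirect_uri(base_url=BASE_URL, realm=REALM, alias=IDP_ALIAS):
    """Keycloak broker callback that Google must redirect back to."""
    return f"{base_url.rstrip('/')}/auth/realms/{realm}/broker/{alias}/endpoint"

def check_client(client_json, base_url=BASE_URL):
    """Return a list of findings for a Google OAuth client JSON download."""
    data = json.loads(client_json)
    if "web" not in data:
        return ["client type is not 'Web application' (no 'web' key)"]
    web = data["web"]
    findings = [f"missing {f}" for f in ("client_id", "client_secret") if not web.get(f)]
    redirects = web.get("redirect_uris", [])
    origins = web.get("javascript_origins", [])
    # Google compares redirect URIs as exact strings, so a trailing slash breaks login.
    want = expected_redirect_uri(base_url)
    if want not in redirects:
        findings.append(f"redirect URI not registered: {want}")
    host = urlsplit(base_url).hostname
    for uri in redirects + origins:
        parts = urlsplit(uri)
        if parts.hostname != host:
            findings.append(f"unexpected host: {uri}")
        elif parts.scheme != "https":
            findings.append(f"not HTTPS: {uri}")
    return findings

# Constructed sample, not a real credential.
SAMPLE = json.dumps({"web": {
    "client_id": "000000000000-example.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER-SECRET",
    "redirect_uris": ["https://secoda.company.com/auth/realms/secoda/broker/google/endpoint/"],
    "javascript_origins": ["https://secoda.company.com", "http://secoda.company.com"],
}})

if __name__ == "__main__":
    for finding in check_client(SAMPLE):
        print("FINDING:", finding)
```

Run it against your own download by passing the file contents to `check_client`; an empty list means the registered URIs match what Keycloak expects and every entry uses HTTPS.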