1. Go to the Google Cloud Console and create a project or use an existing one. Then go to APIs & Services, click + CREATE CREDENTIALS, and select OAuth client ID.

  1. Choose "Web application" for the client type

  2. For the Authorized JavaScript origins, put https://secoda.company.com and http://secoda.company.com

  3. For the Authorized redirect URIs, put https://secoda.company.com/auth/realms/secoda/broker/google/endpoint and http://secoda.company.com/auth/realms/secoda/broker/google/endpoint

  4. Click Save

  5. Save the client ID and secret that are generated

2. Go to https://secoda.company.com/auth/admin/master/console/#/realms/master, sign in with the username admin and the Keycloak password you added to the onprem.tfvars file, and switch to the Secoda Realm in the top left. Then click on Identity Providers in the left-hand navigation menu of Keycloak.

  1. Click "Add provider..." and select Google

  2. Add your client ID and secret to the input boxes. You may enable Trust Email. Click Save.

  3. Enjoy using Google SSO!
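
A check for the values entered in the steps above, as an added example that is not part of the original guide or Secoda's own tooling: it compares the OAuth client JSON downloaded from the Google Cloud Console with the origins and redirect URIs listed above and reports missing, unexpected and plaintext `http` entries. The sample file contents, the `staging.company.com` entry, the `alias` parameter and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout of the JSON file the Google Cloud Console
# offers for download for a "Web application" client (placeholder values).
SAMPLE_CLIENT_JSON = json.dumps({
    "web": {
        "client_id": "EXAMPLE-CLIENT-ID.apps.googleusercontent.com",
        "client_secret": "EXAMPLE-SECRET",
        "javascript_origins": ["https://secoda.company.com"],
        "redirect_uris": [
            "https://secoda.company.com/auth/realms/secoda/broker/google/endpoint",
            "http://secoda.company.com/auth/realms/secoda/broker/google/endpoint/",
            "https://staging.company.com/callback",
        ],
    }
})


def expected_entries(host, realm="secoda", alias="google"):
    """Origins and redirect URIs from the steps above, for both schemes."""
    path = f"/auth/realms/{realm}/broker/{alias}/endpoint"
    origins = {f"{scheme}://{host}" for scheme in ("https", "http")}
    redirects = {origin + path for origin in origins}
    return origins, redirects


def audit_client(client_json, host, realm="secoda"):
    """Compare a downloaded client file with the values the steps call for."""
    web = json.loads(client_json)["web"]
    want_origins, want_redirects = expected_entries(host, realm)
    have_origins = set(web.get("javascript_origins", []))
    have_redirects = set(web.get("redirect_uris", []))
    return {
        # Google matches redirect URIs exactly, so a trailing slash counts as missing.
        "missing": sorted((want_origins - have_origins) | (want_redirects - have_redirects)),
        # Entries outside the guide: each extra redirect URI is another place codes can be sent.
        "unexpected": sorted((have_origins - want_origins) | (have_redirects - want_redirects)),
        # Entries that travel without TLS, listed so they can be reviewed.
        "plaintext": sorted(u for u in have_origins | have_redirects
                            if urlsplit(u).scheme == "http"),
    }


if __name__ == "__main__":
    for kind, items in audit_client(SAMPLE_CLIENT_JSON, "secoda.company.com").items():
        print(kind, items)
```

A `missing` redirect URI is the usual cause of Google's `redirect_uri_mismatch` error when the Keycloak broker sends users to sign in.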