Prerequisites For Google IdP

1. Creating a user sync app on the Google Cloud console

  1. Log on to the Google Cloud Platform console at https://console.cloud.google.com/.

    In the left pane, navigate to IAM & Services > Create a Project.

    Fill all the required information and click Create.

  2. In the left pane, navigate to APIs & Services > Dashboard.

  3. Click ENABLE APIS AND SERVICES.

  4. In the API Library search box, search Admin SDK and select Admin SDK API.

  5. Click the Enable button.

  6. In the left pane, navigate to APIs & Services and select Credentials.

    Click Configure consent screen.

  7. In the OAuth consent screen section, fill in all the required information and click Save And Continue. (Keep App Domain and Authorized domains blank.)

  8. In the Scope section, leave everything blank and click Save And Continue.

  9. Check the summary, then navigate to Credentials in the left pane. Click Create credentials and select OAuth client ID.

  10. Select Web Application in the Application Type dropdown. Enter an application name, add the URL below to Authorized redirect URIs, and click Create.

    https://cnsdev.qhtpl.com/cns//webcns/idp-management/add-edit-idp
    https://cnsqa.qhtpl.com/cns//webcns/idp-management/add-edit-idp

    Note:
    Replace the tenant code placeholder in the URL with your own tenant code. You will find the tenant code in your admin console URL.

    Refer to the following image.

  11. Copy the Client ID and Client Secret. Download the JSON to get the Project ID.

  12. Perform the authorization step using the Client ID, Client Secret and Project ID created above. This step must be performed using a Google Workspace Admin account.

    After authorization succeeds, create the IdP.

    Note: The authorizing user must be an Admin with read access to Users, Groups, and Devices. These privileges are required to complete the IdP setup and ensure that user synchronization works correctly.
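
As an added example (not part of these docs or of the product), the Python below shows what steps 11 and 12 amount to on the client side: it reads the downloaded client JSON to recover the Project ID, then builds the Google consent URL with read-only Admin SDK scopes for Users, Groups and Devices, refusing any redirect URI that was not registered on the OAuth client. The client JSON values and the TENANT_CODE segment of the redirect URI are constructed placeholders.

```python
import json
import secrets
from urllib.parse import urlencode

# Read-only Admin SDK scopes covering the Users, Groups and Devices access the
# authorizing admin needs; requesting only read scopes keeps the grant minimal.
ADMIN_SDK_READONLY_SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.directory.group.readonly",
    "https://www.googleapis.com/auth/admin.directory.device.mobile.readonly",
]

# Constructed sample of the JSON downloaded for a "Web application" OAuth
# client (step 11); every value here is a placeholder, not a real credential.
SAMPLE_CLIENT_JSON = json.dumps({
    "web": {
        "client_id": "123456789012-example.apps.googleusercontent.com",
        "project_id": "cns-user-sync-example",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "client_secret": "EXAMPLE-CLIENT-SECRET-PLACEHOLDER",
        "redirect_uris": [
            "https://cnsdev.qhtpl.com/cns/TENANT_CODE/webcns/idp-management/add-edit-idp",
        ],
    }
})


def load_web_client(raw_json: str) -> dict:
    """Extract Client ID, Client Secret and Project ID from the downloaded JSON."""
    web = json.loads(raw_json)["web"]
    keys = ("client_id", "client_secret", "project_id", "auth_uri", "redirect_uris")
    return {k: web[k] for k in keys}


def build_authorization_url(client: dict, redirect_uri: str, state: str = "") -> tuple:
    """Build the consent URL the admin opens; reject unregistered redirect URIs."""
    if redirect_uri not in client["redirect_uris"]:
        raise ValueError("redirect_uri is not registered on the OAuth client")
    state = state or secrets.token_urlsafe(32)  # binds the callback to this request
    params = {
        "client_id": client["client_id"],
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(ADMIN_SDK_READONLY_SCOPES),
        "access_type": "offline",  # refresh token so user sync can run unattended
        "prompt": "consent",
        "state": state,
    }
    return client["auth_uri"] + "?" + urlencode(params), state
```

The Client Secret is only needed later, when the returned authorization code is exchanged for tokens server-side; it never appears in the consent URL.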

2. Reauthorization workflow for an Admin when creating the Google IdP again with the same user

Removing an existing OAuth client ID from the Google Cloud console

Authorization error for Google IdP

If the OAuth client ID has already been authorized and is in use, an error occurs on the Add IdP page for IdP type Google Workspace.
You need to remove this OAuth client ID from the Google Cloud account permissions page (https://myaccount.google.com/permissions).
To remove the existing OAuth client ID from the permissions page, follow these steps.

  1. Navigate to the permissions page (https://myaccount.google.com/permissions) in the Google Cloud console.

    Note:
    You must be logged in as the admin user to access this page.

  2. Click the OAuth client ID for which you want to remove access.
  3. Click Remove Access.
  4. Click OK.
  5. You can now add this OAuth client ID on the Add IdP page.
