̽»¨´óÉñ

Integrate an existing Identity Provider (IdP) with ̽»¨´óÉñ to allow users to securely authenticate using their IdP credentials to gain access to their managed resources. 

Prerequisites

• You need to have a Google Cloud account with the permission to create new Google Cloud Projects . 
• You need to have Admin with Billing permissions to configure an IdP. 

Considerations

• Federated authentication will be applied to only specific user groups. See Routing Policies for Identity Providers to learn more.
• Creating the IdP won't automatically result in users logging in with that IdP.
• User Portal access will be available with a federated login. If you don’t want User Portal access, you can create a policy to deny this, see Get Started: Conditional Access Policies to learn more. 
• In order to provision users from your Google Workspace directory to ̽»¨´óÉñ, see Configure the Google Cloud Directory Sync to learn more.
• If you have third party SSO for your organization turned on in Google Workspace, you'll need to turn it off for it to work with ̽»¨´óÉñ. See Configuring an Organization-wide Third Party SSO Profile to learn more.

Preparing your IdP to Configure with ̽»¨´óÉñ

To prepare your connection:

1. Log in to your Google Cloud Console.
2. Next to the logo in the top left corner, click the dropdown menu, then in the top right corner of the modal, click NEW PROJECT. Name it something associated with ̽»¨´óÉñ, like ‘̽»¨´óÉñ OIDC’ and click CREATE.
   

3. In the left menu, go to OAuth consent form.
4. Click Get Started to configure Google Auth Platform.
   
5. On the App Information page, enter an App name*, something associated with ̽»¨´óÉñ, like ‘̽»¨´óÉñ’.
6. In the next dropdown menu, select a User support email*.
7. Click NEXT.
   
8. Under Audience, select Internal, then click NEXT.
   
9. Under Contact Information, enter a contact email address, then click NEXT.
   
10. Under Finish, select to agree to the policy and click CONTINUE, then CREATE.
    
11. In the left menu, go to Branding. Scroll down to Authorized domains, under Authorized domain 1*, enter jumpcloud.com
12. Under Developer contact information, enter an Email address*. 
13. Click SAVE.
    
14. In the left menu, go to Data Access to manage the scopes. Click ADD OR REMOVE SCOPES.
15. Select the first three scopes; email, openID, and profile. 
16. Click UPDATE then SAVE.
    
17. In the left menu, go to Clients. In the top menu, click + CREATE CLIENT.
18. On the next page, click the Application type* dropdown menu and select Web application.
19. Then, enter a Name*, something associated with ̽»¨´óÉñ, like ‘̽»¨´óÉñ OIDC’.
20. Under Authorized redirect URIs, enter https://login.jumpcloud.com/oauth/callback
21. Click CREATE.
    
22. You’ll get a successful OAuth client created modal with the Client ID, Client secret, Creation date, and Status. 
23. Copy the Client ID and Client secret to your clipboard. You’ll need these to configure Google Cloud in ̽»¨´óÉñ. Then click OK to exit out of the modal. 

Now, you have a connection to ̽»¨´óÉñ in Google Clou