Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Identity broker

Google external IDP

search
printsuggest an editpdf paneldownload

Google external IDP

The Google social connection lets users log in to your application using their Google profile.

copy link to clipboardRequest credentials at Google

Google also describes their registration process.

copy link to clipboardPrerequisites

This process requires:

copy link to clipboardCreate a project at Google

copy link to clipboardObtain OAuth credentials

  1. If the APIs & services page isn't already open, open the console left-side menu and select APIs & services.

  2. On the left, click the Credentials page.

  3. Click New Credentials and then select OAuth client ID.

  4. For the application type, select Web Application.

  5. Add your Authorized JavaScript origins: https://<tenant-domain>

  6. Add your Authorized redirect URIs, which looks like: https://<tenant-domain>/broker/authentication/callback.

  7. Click Create.

copy link to clipboardCopy the credentials

  1. On the next page, copy the Client ID.

  2. Copy the Client secret.

The Google documentation explains how set up the consent screen.

copy link to clipboardConfigure Google as an external IDP in the Identity Broker

  1. Click Add identity provider and select OpenID Connect.

Typically, you fill in the following connection details:

  • Display name: Google (just an example)
  • Active: Select the check box
  • Client ID: The Client ID that you copied
  • Authentication method: Client secret post
  • Client secret: The Client secret that you copied
  • Well-known configuration endpoint: Enter https://accounts.google.com/.well-known/openid-configuration and click Load.
    • This prefills the Authorization endpoint, Token endpoint, Issuer, User information endpoint, and JWKs URI.
  • Signature type: Asymmetric
  • Encrypted JWT: Do not select the check box
  • Single logout: Do not select the check box

copy link to clipboardGoogle IDP variant

You always need at least one variant. For Google, you only need to configure a variant name, such as Authentication.

For scopes, Thales recommends openid, email, and profile, but you can add more scopes.

On this page