How to Configure Google with Identity

Sign in to Google Cloud

1. In https://cloud.google.com/ select "Console" in the top right, assuming you already have an account.

2. If this is your first time signing in or if you have never created a project within the Google Admin Console, you'll first need to agree to their terms & conditions. This should automatically pop up if you have not accepted them prior.

Create a Project in Google Cloud

1. Click the grid in the top left corner next to GoogleCloud > Hover your mouse over IAM & Admin > Select Create a Project.

   

2. Fill out the Project Name, Organization, and Location.
   

Configure your OAuth Consent Screen

Once the project is created you will need to configure your OAuth Consent Screen. Information on this page will be visible to users, so be cognizant of the information being entered.

1. To configure this, navigate to APIs & Services > OAuth consent screen

   

    

2. You will then be guided through the following screens. Please read through the descriptions of "Internal" and "External" and select the option that would best suit your business needs.

   

3. In this area, configure any options that may be applicable. In my case, I opted to skip the "App domain" section and only changed the settings for "App information". Do note that the app information will be shown to the user, as shown in the second screenshot below (clicking the App name will show the support email).
   
   

4. The next screen, Scopes, will ask you to add scopes. For more information on scopes, kindly reference Google's article here.
   Note:Scopes are optional and are not required for Addigy Identity to function at a basic level.

5. 
   

6. After clicking Update, select Save and Continue. 

7. Finally, you can click Back to Dashboard in the Summary area (step 3).
   

Create OAuth 2.0 credentials

Note: You may skip this step if you already have these credentials

1. Go to the Credentials page by clicking the hyperlink or going to APIs & Services > Credentials > OAuth client ID 
   

2. Select Web Application in the Application Type dropdown.

3. Enter a name for the application in the Name field.

4. Add the following Authorized redirect URI to Authorized redirect URIs:
   https://agent-service-prod.addigy.com/identity/redirect

   

5. Click Create.

6.  After you click create, you'll see your client ID and client secret (you'll need this later on in the setup):
   

You need OAuth 2.0 credentials, including a client ID and client secret, to authenticate users.

You can view your client ID and client secret from the Credentials in the Google API Console:

1. Go to the Credentials page.

2. Click the name of your credential or the pencil icon. Your client ID and secret are at the top of the page.

Additional Resources

https://developers.google.com/identity/protocols/oauth2/openid-connect

Configuring Identity with Google on the Policies page

With your client ID and secret, you may now configure your policy to deploy Identity with Google:

1. Navigate to the policies page

2. Select your desired policy

3. Select Integrations & Settings from the policy dropdown

4. Select Identity

5. Choose Google Identity Platform as the Identity provider from the dropdown

6. Fill in the Client ID and Client Secret information we generated from Google.
   

From here you can select the Identity features that you may wish to enable, then click Save Changes and deploy your policy. For information on these settings, kindly reference the following article: Identity Settings

After the policy deploys (which will happen automatically after every 30 or so minutes), the devices in that policy will receive Addigy Identity, configured with Google.

Your users will see the following at login: 

(Note - this experience changed on 5/2/2023 to fix an issue with this page becoming unresponsive. The Previous login page is below.) 

Previous to 5.2.2023 Login Page: