# Google

This guide shows how to configure Google as your identity provider.

## Prerequisites 

* You are an administrator of your Google Cloud Console
* You have [enabled the Admin SDK API](https://developers.google.com/workspace/guides/enable-apis) (required for synchronizing Groups)

## Create the OAuth application

1. Log into the [Google Cloud Console](https://console.cloud.google.com/).
2. Select an existing Project or create a new one.
3. Navigate to the [Google Auth Platform](https://console.cloud.google.com/auth/overview) via the Menu ![](https://storage.googleapis.com/support-kms-prod/JxKYG9DqcsormHflJJ8Z8bHuyVI5YheC0lAp) bar on the left.
4. If Google Auth Platform is not yet configured, click **Get Started**![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2FQNa12laLtAF0P09bBhGU%2Fimage.png?alt=media\&token=1849719f-5f3a-4e29-b60e-66c2079f54cb)
5. Enter a name for this application (e.g. **Neurox Web App**) and select a user support email. Click **Next**.\
   .![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2Fg2z5gUzznMWKmxHvrDee%2Fimage.png?alt=media\&token=4cdffb01-2746-4116-8a0a-e4145dd04368)
6.  Select your intended **Audience**. We recommend **Internal** unless you want users to log in with email domains outside of your Google Workspace.\
   Click **Next**.\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2FvBDUrSASP4jRcHnC2vfs%2Fimage.png?alt=media\&token=9e500d18-a1de-43b7-ac7d-5aca5f606722)
7. Enter an email address for Google to contact you. Click **Next**.\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2Fg4lCDU4CPMjDNesa9561%2Fimage.png?alt=media\&token=c0045c6a-5d9a-4927-acfe-5e70affde404)
8. Check the box to agree to Google's API Services policies. Click **Continue**.\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2Fr4P6hH3KwOo2ccRHjcJQ%2Fimage.png?alt=media\&token=40eadeac-1c2d-4226-946e-eed906aae124)
9. Click the **Create** button to create your application.\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2FdM6sRNGWa2dV7gdCGXiH%2Fimage.png?alt=media\&token=91b9bf3d-c06d-47b7-bbcb-f50ad4b63664)

### Create the OAuth client

1. Click the **Create OAuth Client** button.\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2Ftyq63uBVxcOdO5hRbtWN%2Fimage.png?alt=media\&token=8eb658bf-5df6-471c-9ebe-2824bd98cede)
2. Under **Application type** select **Web application**\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2F0ppzZtABD0V6A4t26O4d%2Fimage.png?alt=media\&token=12ce3186-6d09-4b5c-9580-f2fa2d644e9e)•
3. Enter a **Name** for your OAuth Client (e.g. **Neurox Web App**)\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2F9lntYwPhmxcOyel1NNaG%2Fimage.png?alt=media\&token=84b23393-c3d1-4eda-8767-c02ea10a7d2f)
4. Under **Authorized JavaScript origins** click **Add URI**\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2FzscFtQHPlGOoQYciIJNh%2Fimage.png?alt=media\&token=dcacea74-7b1f-4947-a72e-4fb68df6cc81)
5. In **URIs 1** enter your **Control Portal** URL (e.g. `random-words.goneurox.com`)\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2FoSZHbQkRmEZlVrZfYIfh%2Fimage.png?alt=media\&token=26d0664b-2ab4-4182-9d0b-b23468a00ed8)
6. Under **Authorized redirect URIs** click **Add URI**\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2F9fI9VwmhhAmvnUUBB7mq%2Fimage.png?alt=media\&token=5c8c7912-ecc0-4062-9cea-2cf4c40f7890)
7. Enter the following URIs (click **Add URI** to add more):
   1. `https://random-words.goneurox.com/api/connect/google/callback`
   2. `https://random-words.goneurox.com/idp/callback`
   3. `https://random-words.goneurox.com/sso/auth`\
      \
      Be sure to replace `random-words.goneurox.com` with your actual subdomain.\
      ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2FsPQedNQpjD8hvgyP1etm%2Fimage.png?alt=media\&token=df22128b-b14b-436e-a38e-1da36fbaaab2)
8. Click the **Create** button\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2FdnOr3XRDNvbLqfaFemn6%2Fimage.png?alt=media\&token=5f155543-e245-4a1c-a3f9-3d2e6d726a02)

### Copy & Apply your OAuth credentials

1. Click the **Download** icon under **Actions**\
   ![](https://1423778716-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqhZOIpP60jmSsqJrjbNZ%2Fuploads%2FMGJeO6GOTkrpU9Kf3GJ6%2Fimage.png?alt=media\&token=b4b35566-9203-4369-b0f1-ff5437667410)
2. In the pop up modal, copy both the **Client ID** and **Client Secret** values
3. Run the following commands:

{% code overflow="wrap" %}

```shell
kubectl create secret generic -n neurox neurox-control-idp-google --from-literal=clientId=<Client ID> --from-literal=clientSecret=<Client Secret>
```

{% endcode %}