Google

This guide shows how to configure Google as your identity provider.

Prerequisites

• You are an administrator of your Google Cloud Console

• You have enabled the Admin SDK API (required for synchronizing Groups)

Create the OAuth application

1. Log into the Google Cloud Console.

2. Select an existing Project or create a new one.

3. Navigate to the Google Auth Platform via the Menu bar on the left.

4. If Google Auth Platform is not yet configured, click Get Started

5. Enter a name for this application (e.g. Neurox Web App) and select a user support email. Click Next. .

6. Select your intended Audience. We recommend Internal unless you want users to log in with email domains outside of your Google Workspace. Click Next.

7. Enter an email address for Google to contact you. Click Next.

8. Check the box to agree to Google's API Services policies. Click Continue.

9. Click the Create button to create your application.

Create the OAuth client

1. Click the Create OAuth Client button.

2. Under Application type select Web application •

3. Enter a Name for your OAuth Client (e.g. Neurox Web App)

4. Under Authorized JavaScript origins click Add URI

5. In URIs 1 enter your Control Portal URL (e.g. random-words.goneurox.com)

6. Under Authorized redirect URIs click Add URI

7. Enter the following URIs (click Add URI to add more):

   1. https://random-words.goneurox.com/api/connect/google/callback

   2. https://random-words.goneurox.com/idp/callback

   3. https://random-words.goneurox.com/sso/auth Be sure to replace random-words.goneurox.com with your actual subdomain.

8. Click the Create button

Copy & Apply your OAuth credentials

1. Click the Download icon under Actions

2. In the pop up modal, copy both the Client ID and Client Secret values

3. Run the following commands:

kubectl create secret generic -n neurox neurox-control-idp-google --from-literal=clientId=<Client ID> --from-literal=clientSecret=<Client Secret>