Configuring Google Workspace
Follow the steps described here to configure Fides and Google Workspace for login. This will need to be completed in collaboration with the team that manages Google Workspace at your organization.
Step-by-step instructions for configuring Google Workspace
- Go to the Google Cloud Console and create a new project or select an existing one.
- Navigate to "APIs & Services"
- Enable the Google+ API and Google OAuth2 API for your project, then go to "Credentials" and click "Create Credentials" > "OAuth 2.0 client ID".
- Choose "Web application" as the application type.
- Give your OAuth 2.0 client a name that you'll recognize (e.g., "Fides SSO").
- Add your redirect URLs to the OAuth 2.0 client configuration:
  - The Authorized redirect URI should be:
    https://<yourfidesdomain.com>/login/google
  - You may also want to add additional redirect URIs for different environments (staging, development, etc.)
- Click "Create" to generate your Client ID and Client Secret.
- Return to Fides to configure the integration and go to the "Settings > Organization" screen.
- Click on "Add SSO Provider"
- Fill in the fields using the information from the Google Cloud Console:
  - Select Google from the Provider list.
  - Fill in the identifier with a unique name (e.g., "google"). This field is case-sensitive, so double-check everything before saving.
  - Name the integration. This name will be shown to your users on the Fides login screen once this method is fully configured.
  - Copy the Client ID and Client Secret from the Google Cloud Console and paste them into the fields.
- Click "Save".
You now have Google Workspace configured! Add some users so that you can test the integration.
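Before registering redirect URIs for several environments, it helps to check each one, since the registered URI must match exactly and an overly loose entry weakens the login flow. The following is an added example, not part of Fides or Google tooling: the `/login/google` path comes from the steps above, while the hostnames are constructed samples and the checks (HTTPS except on localhost, no wildcard, no userinfo, no fragment, exact path) are this example's own hygiene rules.

```python
from __future__ import annotations
from urllib.parse import urlsplit

EXPECTED_PATH = "/login/google"               # path given in the steps above
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}  # plain HTTP tolerated only here

def check_redirect_uri(uri: str) -> list[str]:
    """Return the problems found; an empty list means the URI is fine to register."""
    problems = []
    if "*" in uri:
        problems.append("wildcard")
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if not host:
        problems.append("missing host")
    local_http = parts.scheme == "http" and host in LOCAL_HOSTS
    if parts.scheme != "https" and not local_http:
        problems.append("not https")
    if parts.username or parts.password:
        problems.append("userinfo present")
    if parts.fragment or uri.endswith("#"):
        problems.append("fragment present")
    # Exact, case-sensitive comparison: a trailing slash or different case
    # is a different URI and will not match at login time.
    if parts.path != EXPECTED_PATH:
        problems.append("path is not /login/google")
    return problems

def audit(uris: list[str]) -> dict[str, list[str]]:
    """Check every planned redirect URI and map it to its list of problems."""
    return {uri: check_redirect_uri(uri) for uri in uris}

# Constructed sample values, not real deployments.
SAMPLE_URIS = [
    "https://fides.example.com/login/google",          # production
    "https://fides-staging.example.com/login/google",  # staging
    "http://localhost:3000/login/google",              # local development
    "http://fides-dev.example.com/login/google",       # plain HTTP on a real host
    "https://*.example.com/login/google",              # wildcard host
    "https://fides.example.com/login/Google/",         # wrong case, trailing slash
]

if __name__ == "__main__":
    for uri, problems in audit(SAMPLE_URIS).items():
        print(f"{'OK  ' if not problems else 'FAIL'} {uri} {problems}")
```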
Adding users
In this version of OIDC support, you must still add users from the Fides admin UI. When adding a user who will sign in via Google Workspace, set both their username and email to the email address that is provided by Google. Once you have created users, assign them the appropriate role and they will be able to log in via Google Workspace, provided they have the appropriate permissions in your Google Workspace organization.
Important Notes
- Google Workspace requires that users have verified email addresses. Users with unverified email addresses will not be able to authenticate.
- The Google OAuth2 integration uses the standard Google OAuth2 endpoints and doesn't require custom authorization or token URLs.
- Make sure your Google Workspace domain allows third-party applications if you encounter authentication issues.