Google

Use Google as your Identity Provider.

Create OAuth Client

Note: The instructions in this section are only needed when Google is used for authentication of the Atolio web application.

Create a new project in the Google Cloud Console by visiting https://console.cloud.google.com/cloud-resource-manager and clicking CREATE PROJECT. Provide a project name (e.g. Atolio) and select the correct Organization and Location. Note the Project ID field displayed below the Project name. You’ll need this value when setting up Terraform later. Click CREATE.

This project will be used to create credentials for the Google OAuth Client (for authenticating Atolio users) and to create the resources that allow the Atolio stack to access Google Workspace later on.

Create the Google OAuth Client using the following steps:

  1. Visit https://console.cloud.google.com/apis/credentials/consent to set up the OAuth consent screen.
  2. Select Internal for User Type and click CREATE.
  3. Provide Atolio for the App name and enter email addresses for both support and developer contact information.
  4. Press SAVE AND CONTINUE.
  5. No changes are needed on the next Scopes screen; just click SAVE AND CONTINUE again.
  6. Review your changes in the next Summary screen and click BACK TO DASHBOARD.

The OAuth credentials (client ID and secret) can now be created by:

  1. Navigating to https://console.cloud.google.com/apis/credentials and clicking CREATE CREDENTIALS in the top menu bar.
  2. Then select OAuth client ID from the drop-down menu.
  3. For application type on the next screen choose Web application and fill out the rest of the form as shown in the table below (using your own domain name instead of the example).
  4. Click CREATE. The OAuth client will be created providing you with a Client ID and Secret.
  5. Download the JSON file.

| Field Name | Field Value |
|---|---|
| Application type | Web application |
| Authorized JavaScript origins | https://search.example.com |
| Authorized redirect URIs | https://search.example.com/auth/_callback |

The client ID and secret will be needed later in the deployment process as described below. We recommend storing this information in a safe place (e.g. 1Password secure note) to be shared with your Deployment Engineer.
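Before handing the downloaded JSON file over, it is worth confirming that it matches the table above and is not readable by other local users. The following check is an added example, not part of Atolio's tooling: the function names are hypothetical, the sample values are constructed, and it assumes the usual layout of Google's downloaded client file (a top-level `web` object with `redirect_uris` and `javascript_origins`). Any entry beyond the two values from the table is reported, since each extra redirect URI is another place an authorization response can be sent.

```python
import json
import stat
import sys
from pathlib import Path
from urllib.parse import urlsplit

# Constructed sample in the layout of a downloaded Web application client file.
SAMPLE = {"web": {
    "client_id": "EXAMPLE-ID.apps.googleusercontent.com",
    "client_secret": "EXAMPLE-SECRET",
    "javascript_origins": ["https://search.example.com"],
    "redirect_uris": ["https://search.example.com/auth/_callback"],
}}


def check_client(data, domain):
    """Return a list of problems in parsed OAuth client JSON (hypothetical helper)."""
    web = data.get("web")  # Desktop clients use "installed" instead of "web".
    if web is None:
        return ["not a Web application client (no 'web' key)"]
    problems = [f"missing {f}" for f in ("client_id", "client_secret") if not web.get(f)]
    origin = f"https://{domain}"
    expected = {"javascript_origins": origin,
                "redirect_uris": f"{origin}/auth/_callback"}
    for field, want in expected.items():
        values = web.get(field, [])
        if want not in values:
            problems.append(f"{field} does not contain {want}")
        for value in values:
            if value == want:
                continue
            kind = "unexpected" if urlsplit(value).scheme == "https" else "non-HTTPS"
            problems.append(f"{field} has {kind} entry {value}")
    return problems


def check_file(path, domain):
    """Check the file's permissions, then its contents."""
    path = Path(path)
    problems = []
    # The file holds the client secret, so only the owner should have access.
    if path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group/other (chmod 600)")
    return problems + check_client(json.loads(path.read_text()), domain)


if __name__ == "__main__":
    found = (check_file(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3
             else check_client(SAMPLE, "search.example.com"))
    print("\n".join(found) or "OK")
```

Run it with the path to the downloaded file and your own domain as the two arguments; with no arguments it checks the constructed sample.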