@@ -11,53 +11,80 @@ You do not need to be a Google Cloud Platform user to integrate Google as an ide

## Set up Google as an identity provider

1. Log in to the Google Cloud Platform [console](https://console.cloud.google.com/). Create a new project, name the project, and select **Create**.
### 1. Create a Google Cloud project

2. On the project home page, go to **APIs & Services** and on the sidebar select **Credentials**.
1. Log in to the [Google Cloud Console](https://console.cloud.google.com/).
2. Create a new project, name the project, and select **Create**.

3. Select **Configure Consent Screen**.
### 2. Configure the OAuth consent screen

![Location to configure a Consent Screen in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/google/configure-consent-screen.png)
1. In your project, go to **APIs & Services** > **OAuth consent screen**.

4. To configure the consent screen:
1. Select **Get started**.
2. Enter an **App name** and a **User support email**.
3. Choose **External** as the Audience Type. Since this application is not being created in a Google Workspace account, any user with a Gmail address can log in.
4. Enter your **Contact Information**. Google Cloud Platform requires an email in your account.
5. Agree to Google's user data policy and select **Continue**.
6. Select **Create**.
2. If this is your first time configuring OAuth, select **Get Started**.

5. The OAuth overview page will load. On the OAuth overview screen, select **Create OAuth client**.
3. Under **App Information**:
- Enter an **App name** (for example, `Cloudflare Access`).
- Select a **User support email** where users can contact you with questions.
- Select **Next**.

![Location to create an OAuth client in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/google/create-oauth-client.png)
4. Under **Audience**:
- Choose **External** as the audience type. Since this application is not being created in a Google Workspace account, any user with a Google account can log in.
- Select **Next**.

6. Choose _Web application_ as the **Application type** and give your OAuth Client ID a name.
5. Under **Contact Information**:
- Enter an email address where Google can notify you about changes to your project.
- Select **Next**.

7. Under **Authorized JavaScript origins**, in the **URIs** field, enter your team domain:
6. Under **Finish**:
- Review the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy).
- Select **I agree to the Google API Services: User Data Policy**.
- Select **Continue**, then **Create**.

### 3. Create OAuth client credentials

1. Go to **APIs & Services** > **Credentials**.

2. Select **Create Credentials** > **OAuth client ID**.

3. For **Application type**, choose _Web application_.

4. Enter a **Name** for your OAuth client (for example, `Cloudflare Access`).

5. Under **Authorized JavaScript origins**, select **Add URI** and enter your team domain:

```txt
https://<your-team-name>.cloudflareaccess.com
```

<Render file="find-team-name" product="cloudflare-one" />

8. Under **Authorized redirect URIs**, in the **URIs** field, enter the following URL:
6. Under **Authorized redirect URIs**, select **Add URI** and enter:

```txt
https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback
```

9. After creating the OAuth client, select the OAuth client that you just created. Google will present the **OAuth Client ID** value and **Client secret** value. The client secret field functions like a password and should not be shared. Copy both the **OAuth Client ID** value and **Client secret** value.
7. Select **Create**.

8. Copy the **Client ID** and **Client secret** values. The client secret functions like a password and should be kept secure.

:::note
Client secrets are only visible at creation time. Store them securely, as you cannot retrieve them later.
:::

### 4. Add Google to Cloudflare Access

10. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Integrations** > **Identity providers**.
1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Integrations** > **Identity providers**.

11. Under **Your identity providers**, select **Add new identity provider**. Choose **Google** on the next page.
2. Select **Add new identity provider**, then choose **Google**.

12. Input the Client ID (**App ID** in the Cloudflare dashboard) and Client Secret fields generated previously.
3. Enter the following:
- **App ID**: The Client ID from Google.
- **Client Secret**: The Client secret from Google.

13. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.
4. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.

14. Select **Save**.
5. Select **Save**.

## Test your connection
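
Review bot: In step 4 of "### 4. Add Google to Cloudflare Access", the link text still expands PKCE as "Proof of Key Exchange"; the name is "Proof Key for Code Exchange" (RFC 7636), and since this line is being renumbered anyway it should read `[Proof Key for Code Exchange (PKCE)]`. Separately, step 8 of "### 3. Create OAuth client credentials" softens the old "should not be shared" to "should be kept secure" while the new note says the secret cannot be retrieved later. Consider keeping the explicit "do not share" wording and telling the reader where to put the value (for example, a secrets manager), so the step and the note give one concrete action.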
