Single Sign-On

Connect G Suite OAuth

Learn How to configure a connection to Google G Suite via OAuth

Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create a Google OAuth Connection, you'll need three pieces of information: a Redirect URI, a Google Client ID, and a Google Client Secret.

WorkOS provides:

  • Redirect URI

You provide:

  • Google Client ID
  • Google Client Secret

WorkOS Provides:

WorkOS provides the Redirect URI, an allowlisted callback URL. It indicates the location to return an authorized user to after both an authorization code is granted, and the authentication process is complete. It's readily available in your Connection's Settings in the Developer Dashboard.


You Provide:

And then, you provide the Google Client ID and the Google Client Secret.

These are a pair of credentials provided by Google that you'll use to authenticate your application via Google's OAuth protocol. To obtain them:

Step 1. Log in and Select Your Application

Log in to the Google Cloud Platform Console Dashboard. Select your application's project from the project selection dropdown menu in the navigation bar.

Step 2. Add WorkOS to your list of authorized domains

Select "OAuth Consent Screen" in the left-hand navigation menu, add workos.com to your list of "Authorized domains", and select "Save".

Step 3. Create Your Application's OAuth Client Credentials

Select "Credentials" in the left-hand menu. Then select "OAuth client ID" from the "Create Credentials" dropdown menu.

Then, give your OAuth client ID a name, and add the Redirect URI provided by WorkOS to the list of "Authorized redirect URIs".

Note: As a best practice, your OAuth client ID's name should be different from your application's name. It will not be shown to end users.

Click "Create" and you'll be presented with your application's Client ID and Client Secret!

Add your Google Client ID and Google Client Secret to their respective fields in your Connection's settings.

Select "Update Connection" and your Connection will then be linked and ready to go!


Associate a domain with your Connection:

To associate a domain, first navigate to your Connection Settings in the Dashboard and click the "New Connection" button.

Then, select "Google OAuth" as your Identity Provider, and enter your enterprise customer's domain for your Domain.

And since you've already configured the Global IdP settings for your Google Connection, your Connection should be Linked. Your Connection's Linked status is indicated by the green badge next to the Connection name.

After that, you're now able to authenticate users from the listed domain using your Google Connection.