# SSO With Google

This guide provides step-by-step instructions on how to configure single sign-on (SSO) with Google. You already use Google to conveniently manage permissions to applications. After SSO configuration is complete, you'll also be able to use Google to manage permissions to your Datasources.

### Steps

{% hint style="info" %}
These instructions vary based on your organization's StrongDM region (not your individual location).
{% endhint %}

{% tabs %}
{% tab title="US" %}

1. First, enable API access. From the Google Admin console, navigate to the **Security** tab. Under **API reference**, enable API access.
2. Navigate to <https://console.developers.google.com> and click **Create Project**. On the **New Project** dialog, set the following:
   * **Project name:** Give the project a name.
   * **Organization:** Select **strongdm.com**.
   * **Location:** Select **strongdm.com**.
3. From the APIs & Services menu, select **OAuth consent screen**. Then select user type **Internal** and click **Create**.
4. On the **Branding** page, set the following (in addition to any required fields):
   * **Application home page:** `https://app.strongdm.com`
   * **Authorized domains:** Add **strongdm.com** as the domain.
5. From the APIs & Services menu, select **Credentials** and then click **Create Credentials** to create a new OAuth client ID. On the page that opens, set the following:
   * **Application type:** Select **Web application**.
   * **Name:** Enter **StrongDM**.
   * **Authorized JavaScript origins:** `https://app.strongdm.com`.
   * **Authorized redirect URIs:** `https://app.strongdm.com/auth/return`.
6. Copy the OAuth **client ID** and **client secret**. You will need them in a later step.
7. Next, enter the account details in the StrongDM Admin UI. Go to **Settings** > **User Management**. In the **Single Sign-on** section, set the following:
   * **Provider:** Select **Google**.
   * **Single sign-on URL:** Add your URL (`https://accounts.google.com`).
   * **Client ID**: Paste your client ID.
   * **Client Secret**: Paste your client secret.
8. Select your desired [general SSO settings](/admin/principals/sso.md) and click **activate**.
   {% endtab %}

{% tab title="UK" %}
*Follow instructions in the tab for the region of your organization's StrongDM control plane, not your own location. The default control plane region is US.*

1. First, enable API access. From the Google Admin console, navigate to the **Security** tab. Under **API reference**, enable API access.
2. Navigate to <https://console.developers.google.com> and click **Create Project**. On the **New Project** dialog, set the following:
   * **Project name:** Give the project a name.
   * **Organization:** Select **strongdm.com**.
   * **Location:** Select **strongdm.com**.
3. From the APIs & Services menu, select **OAuth consent screen**. Then select user type **Internal** and click **Create**.
4. On the **Branding** page, set the following (in addition to any required fields):
   * **Application home page:** `https://app.uk.strongdm.com`.
   * **Authorized domains:** Add **strongdm.com** as the domain.
5. From the APIs & Services menu, select **Credentials** and then click **Create Credentials** to create a new OAuth client ID. On the page that opens, set the following:
   * **Application type:** Select **Web application**.
   * **Name:** Enter **StrongDM**.
   * **Authorized JavaScript origins:** `https://app.uk.strongdm.com`.
   * **Authorized redirect URIs:** `https://app.uk.strongdm.com/auth/return`.
6. Copy the OAuth **client ID** and **client secret**. You will need them in a later step.
7. Next, enter the account details in the StrongDM Admin UI. Go to **Settings** > **User Management**. In the **Single Sign-on** section, set the following:
   * **Provider:** Select **Google**.
   * **Single sign-on URL:** Add your URL (`https://accounts.google.com`).
   * **Client ID**: Paste your client ID.
   * **Client Secret**: Paste your client secret.
8. Select your desired [general SSO settings](/admin/principals/sso.md) and click **activate**.
   {% endtab %}

{% tab title="EU" %}
*Follow instructions in the tab for the region of your organization's StrongDM control plane, not your own location. The default control plane region is US.*

1. First, enable API access. From the Google Admin console, navigate to the **Security** tab. Under **API reference**, enable API access.
2. Navigate to <https://console.developers.google.com> and click **Create Project**. On the **New Project** dialog, set the following:
   * **Project name:** Give the project a name.
   * **Organization:** Select **strongdm.com**.
   * **Location:** Select **strongdm.com**.
3. From the APIs & Services menu, select **OAuth consent screen**. Then select user type **Internal** and click **Create**.
4. On the **Branding** page, set the following (in addition to any required fields):
   * **Application home page:** `https://app.eu.strongdm.com`.
   * **Authorized domains:** Add **strongdm.com** as the domain.
5. From the APIs & Services menu, select **Credentials** and then click **Create Credentials** to create a new OAuth client ID. On the page that opens, set the following:
   * **Application type:** Select **Web application**.
   * **Name:** Enter **StrongDM**.
   * **Authorized JavaScript origins:** `https://app.eu.strongdm.com`.
   * **Authorized redirect URIs:** `https://app.eu.strongdm.com/auth/return`.
6. Copy the OAuth **client ID** and **client secret**. You will need them in a later step.
7. Next, enter the account details in the StrongDM Admin UI. Go to **Settings** > **User Management**. In the **Single Sign-on** section, set the following:
   * **Provider:** Select **Google**.
   * **Single sign-on URL:** Add your URL (`https://accounts.google.com`).
   * **Client ID**: Paste your client ID.
   * **Client Secret**: Paste your client secret.
8. Select your desired [general SSO settings](/admin/principals/sso.md) and click **activate**.
   {% endtab %}
   {% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.strongdm.com/admin/principals/sso/google-oidc.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.