
  1. Click Identity Providers in the menu.

  2. From the Add provider list, select Google.

  3. In a separate browser tab, open the Google Cloud Platform console.

  4. In the Google dashboard for your Google app, click the OAuth consent screen menu. Create a consent screen, ensuring that the user type of the consent screen is external.

  5. In the Google dashboard:

    1. Click the Credentials menu.

    2. Click CREATE CREDENTIALS - OAuth Client ID.

    3. From the Application type list, select Web application.

    4. Click Create.

    5. Note Your Client ID and Your Client Secret.

  6. In Keycloak, paste the value of Your Client ID into the Client ID field.

  7. In Keycloak, paste the value of Your Client Secret into the Client Secret field.

  8. Click Add.

  9. Enter the required scopes into the Default Scopes field. By default, Keycloak uses the following scopes: openid profile email. See the OAuth Playground for a list of Google scopes.

  10. To restrict access to members of your G Suite organization only, enter the G Suite domain into the Hosted Domain field.

  11. Click Save.
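
What the Hosted Domain restriction in step 10 rests on at the token level, as an added example that is not Keycloak's own code: Google reports a user's organization in the `hd` claim of the ID token, so the restriction holds only when that claim is checked, not the email address. The function names, client ID and sample claims are constructed, and signature verification of the token is assumed to have happened already.

```python
# Added example. Assumption: the ID token signature was already verified.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}
CLIENT_ID = "constructed-client-id.apps.googleusercontent.com"  # placeholder


class HostedDomainError(Exception):
    """The ID token claims do not satisfy the domain restriction."""


def check_google_claims(claims, client_id, hosted_domain):
    """Return the subject if the claims pass, else raise HostedDomainError."""
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise HostedDomainError("unexpected issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise HostedDomainError("token issued to a different client")
    # Google sets hd only for accounts that belong to an organization, so a
    # missing claim is a rejection, whatever the email address looks like.
    hd = claims.get("hd")
    if not isinstance(hd, str) or hd.lower() != hosted_domain.lower():
        raise HostedDomainError("hd claim missing or outside hosted domain")
    return claims.get("sub")


# Constructed sample claim sets (not real tokens).
BASE = {"iss": "https://accounts.google.com", "aud": CLIENT_ID}
SAMPLES = {
    "member": {**BASE, "sub": "1001", "email": "a@example.com", "hd": "example.com"},
    "other_org": {**BASE, "sub": "1002", "email": "b@other.test", "hd": "other.test"},
    # Email ends in the right domain, but the account is not organization-managed.
    "no_hd": {**BASE, "sub": "1003", "email": "c@example.com"},
    "wrong_client": {**BASE, "aud": "someone-else", "sub": "1004", "hd": "example.com"},
}


def evaluate(hosted_domain="example.com"):
    """Map each sample label to 'accept' or the rejection reason."""
    results = {}
    for label, claims in SAMPLES.items():
        try:
            check_google_claims(claims, CLIENT_ID, hosted_domain)
            results[label] = "accept"
        except HostedDomainError as exc:
            results[label] = str(exc)
    return results


if __name__ == "__main__":
    print(evaluate())
```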