PingOne

Adding an identity provider - Google

Adding Google as an external identity provider (IdP) gives your users the option to sign in with Google when accessing your application.

Before you begin

Ensure that the application is added to PingOne.

Set the Grant Type for the application to Implicit.

Learn more in Adding an application.

Registering the application with Google

When you register your application, Google generates a client ID and client secret (the App ID and App Secret) for the application. You’ll need these values to connect the application to PingOne.

Steps

  1. Go to the Google API Console at https://console.developers.google.com.

    If you haven’t created a Google account, you can do so now.

  2. In the Projects list, select a project or create a new one.

  3. On the left, click Credentials.

  4. Click Create credentials, then select OAuth client ID.

    If you are prompted to configure an OAuth consent screen with information about your application, you can do that now.

  5. Select the appropriate application type for your project and enter the following information:

    • Name: The name of the OAuth client ID, not the display name of the application.

    • Authorized JavaScript origins: The origin URI of the client application, for use with requests from a browser.

    • Authorized redirect URIs: (Leave this value blank for now.) The path in your application that users are redirected to after they have authenticated with Google.

  6. Click Create.

  7. In the OAuth client window, copy the client ID and client secret to a secure location.

    You can always access the client ID and client secret from the Credentials page in the API Console.

Enabling the Google People API

You must enable the Google People API if it’s not enabled already.

Steps

  1. Go to the Google API Console at https://console.developers.google.com.

  2. In the Projects list, select a project or create a new one.

  3. On the left, click Library.

  4. Locate the People API.

    If you need help finding the API, use the search field.

  5. Click Enable.

Adding Google as an identity provider in PingOne

Configure the identity provider connection in PingOne.

Before you begin

Ensure that registration is enabled in the authentication policy. See Editing an authentication policy.

You should have the following information ready:

  • Client ID

  • Client secret

Steps

  1. In PingOne, go to Integrations → External IdPs.

  2. Click Add Provider.

  3. Click Google.

  4. On the Create Profile page, enter the following information:

    • Name: A unique identifier for the identity provider.

    • Description: (Optional) A brief characterization of the identity provider.

    You cannot change the icon and login button, in accordance with the provider’s brand standards.

  5. Click Next.

  6. On the Configure Connection page, enter the following information:

    • Client ID: The application ID that you copied earlier from the identity provider. You can find this information on the Credentials page on the Google Developers site.

    • Client secret: The application secret that you copied earlier from the identity provider. You can find this information on the Credentials page on the Google Developers site.

  7. Click Save and Continue.

  8. On the Map Attributes page, define how the PingOne user attributes are mapped to identity provider attributes.

    For more information, see Mapping attributes.

    • Enter the PingOne user profile attribute and the external IdP attribute. For more information about attribute syntax, see Identity provider attributes.

    • To add an attribute, click Add attribute.

    • To use the expression builder, click Build and test or Advanced Expression. See Using the expression builder.

    • Select the update condition, which determines how PingOne updates its user directory with the values from the identity provider. The options are:

      • Empty only: Update the PingOne attribute only if the existing attribute is empty.

      • Always: Always update the PingOne directory attribute.

  9. Click Save and Finish.

Adding the callback URL to the Google API Console

Copy the callback URL from PingOne and paste it in the Google API Console.

Steps

  1. In PingOne, go to Integrations → External IdPs.

  2. Locate the appropriate identity provider (IdP), and then click the details icon to expand the IdP.

  3. Click the Connection tab.

  4. Copy the callback URL and paste it to a secure location.

  5. Go to the Google API Console at https://console.developers.google.com.

  6. In the Projects list, select the appropriate project.

  7. On the left, click Credentials.

  8. In the Application list, click the appropriate application.

  9. In the Authorized redirect URIs section, click Add URI, and paste the value that you copied from the PingOne console.
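
The following pre-flight check is an added example, not part of the PingOne or Google documentation. It compares the Google OAuth client settings entered in the procedures above with the callback URL copied from PingOne. It assumes the client JSON file that can be downloaded from the Credentials page; the sample JSON and all URLs are constructed placeholders, and check_google_client is a hypothetical helper name.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout of the JSON file the Google API Console
# offers for download on an OAuth client ID; every value is a placeholder.
SAMPLE_CLIENT_JSON = """
{"web": {
  "client_id": "PLACEHOLDER.apps.googleusercontent.com",
  "client_secret": "PLACEHOLDER",
  "javascript_origins": ["https://app.example.com"],
  "redirect_uris": ["https://sso.example.com/callback/google"]
}}
"""


def check_google_client(client_json, pingone_callback):
    """Return a list of findings; an empty list means the checks passed."""
    web = json.loads(client_json).get("web", {})
    findings = []

    # A redirect URI is compared as an exact string, so a trailing slash,
    # different case in the path or http instead of https is a mismatch.
    redirects = web.get("redirect_uris", [])
    if pingone_callback not in redirects:
        findings.append("callback URL is not an authorized redirect URI")
    for uri in redirects:
        if uri != pingone_callback:
            # Stale extra entries widen where sign-in responses can be sent.
            findings.append(f"unexpected redirect URI: {uri}")
        if urlsplit(uri).scheme != "https":
            findings.append(f"redirect URI is not https: {uri}")

    # An origin is scheme + host (+ port) only: no path, query or fragment.
    for origin in web.get("javascript_origins", []):
        parts = urlsplit(origin)
        if parts.scheme != "https" or not parts.hostname:
            findings.append(f"origin is not an https origin: {origin}")
        if parts.path not in ("", "/") or parts.query or parts.fragment:
            findings.append(f"origin carries a path or query: {origin}")

    # Both values are needed on the Configure Connection page in PingOne.
    if not web.get("client_id") or not web.get("client_secret"):
        findings.append("client ID or client secret is missing")
    return findings
```

Run it against the downloaded client JSON after the last step; any finding points to a value to correct in the Google API Console before users try to sign in.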
