1. Sign on to the Google Developers Console with a Google account.
    Important: For G Suite environments, sign on using the G Suite account that meets the requirements described in Google Login Integration Kit.
  2. Open an existing project, or create a new project as shown in Create, shut down, and restore projects in the Google documentation.
  3. If you want to access the "Extended Profile" attributes for G Suite users, enable the Admin SDK API for your project as shown in Enable and disable APIs in the Google documentation.
  4. Configure the OAuth consent screen as shown in the User consent section of Setting up OAuth 2.0 in the Google documentation.
    Note: The consent screen is shown to users whenever the Google IdP Adapter requests access to their Google profile information.
  5. Add information about your PingFederate server.
    Tip: If you want to create multiple Google IdP Adapter instances, you can create a new OAuth client for each instance.
    1. On the Credentials tab, from the Create Credentials list, select OAuth client ID.
    2. On the Create OAuth client ID window, from the Application type list, select Web application.
    3. In the Name field, enter a name of your choosing.
    4. Under Authorized JavaScript Origins, click Add URI. Enter your PingFederate base URL based on the following: 
      https://pf_host:pf_port
    5. Under Authorized redirect URIs, click Add URI. Enter the Google IdP Adapter endpoint based on the following: 
      https://pf_host:pf_port/ext/google-authn
    6. If you want to retrieve "Extended Profile" attributes for G Suite users, click Add URI and enter the following URL: 
      https://oauth.pingone.com/ocs/ppm/rest/v1/oauth/oastempcredresponse/
  6. Click Create.
  7. On the OAuth client created modal, note the Client ID and Client Secret. You will use these in Configuring an adapter instance. Click OK.