Help Center Home > Google Workspace > Configure Google Workspace as an Identity Provider

Configure Google Workspace as an Identity Provider

This feature is in Beta.

Integrate an existing Identity Provider (IdP) with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources. 

Prerequisites

  • You need to have a Google Cloud account with the permission to create new Google Cloud Projects . 
  • You need to have Admin with Billing permissions to configure an IdP. 

Considerations

  • Federated authentication will be applied to all users at once.
  • Creating an IdP in JumpCloud will result in all users in the organization authenticating to supported resources (Self Service Account Provisioning, Mac ADE, local password resets, User Portal, and SSO apps) with this IdP.
  • User Portal access will be available with a federated login. If you don’t want User Portal access, you can create a policy to deny this, see Get Started: Conditional Access Policies to learn more. 
  • In order to provision users from your Google Workspace directory to JumpCloud, see Configure the Google Cloud Directory Sync to learn more.

Preparing your IdP to Configure with JumpCloud

To prepare your connection:

  1. Log in to your Google Cloud Console.
  2. Next to the logo in the top left corner, click the dropdown menu, then in the top right corner of the modal, click NEW PROJECT. Name it something associated with JumpCloud, like ‘JumpCloud OIDC’ and click CREATE.
  1. Navigate to APIs & Services, then in the left menu, click OAuth consent screen
  2. Under User Type, select Internal, then click CREATE.
  1. On the App Information page, enter an App name*, something associated with JumpCloud, like ‘JumpCloud OIDC’.
  2. In the next dropdown menu, select a User support email*.
  3. The sections App logo and App domain are optional fields.
  1. Scroll down to Authorized domains, under Authorized domain 1*, enter jumpcloud.com
  2. Under Developer contact information, enter an Email address*
  3. Click SAVE AND CONTINUE.
  1. On the next page, you can manage the scopes. Click ADD OR REMOVE SCOPES.
  2. Select the first three scopes; email, openID, and profile
  3. Click UPDATE
  1. On the Scopes page, click SAVE AND CONTINUE.
  2. On the Summary page, verify the app registration is correct, then click BACK TO DASHBOARD
  1. Under APIs & Services, click Credentials > + CREATE CREDENTIALS, and select OAuth client ID from the dropdown menu.
  1. On the next page, click the Application type* dropdown menu and select Web application.
  2. Then, enter a Name*, something associated with JumpCloud, like ‘JumpCloud OIDC’.
  3. Under Authorized redirect URIs, enter https://login.jumpcloud.com/oauth/callback
  4. Click CREATE.
  1. You’ll get a successful OAuth client created modal with the Client ID, Client secret, Creation date, and Status. 
  2. Copy the Client ID and Client secret to your clipboard. You’ll need these to configure Google Cloud in JumpCloud. Then click OK to exit out of the modal. 

Now, you have a connection to JumpCloud in Google Cloud. Next, you’ll want to configure the connection in JumpCloud.'

Configuring Google Cloud as an IdP in JumpCloud

To configure Google Cloud:

  1. Log in to your JumpCloud Admin Portal.
  2. Click DIRECTORY INTEGRATIONS > Identity Providers.
  3. Click the Add Identity Provider dropdown menu, and select Google
  4. Enter an Identity Provider Name* as a display name (i.e. Google OIDC).
  5. Under Google IdP URL*, enter https://accounts.google.com
  6. For Client ID*, paste in the first URL that you copied into your clipboard. 
  7. For Client Secret, paste in the secret that you copied into your clipboard. 
  8. Click Save

Managing the IdP 

To manage the IdP:

  1. From your JumpCloud Admin Portal, click DIRECTORY INTEGRATIONS > Identity Providers.
  2. You can update the name, Google IdP URL, Client ID, and Client Secret. 
  3. Under Authentication, you’ll see that Federation is applied to your users, allowing them to authenticate with an IdP. 
  4. Under Device Account Provisioning, you can configure either Self Service Account Provisioning or Automated Device Enrollment for whichever OS you’re provisioning. The Status displays either Enabled or Disabled accordingly, click Configure to edit.

Deleting the IdP

To delete the IdP:

  1. From your JumpCloud Admin Portal, click DIRECTORY INTEGRATIONS > Identity Providers.
  2. At the bottom of the IdP Configuration page, under Delete Identity Provider, click Delete IdP
  3. You’ll be prompted to confirm your deletion, then click Yes, Delete
Back to Top

List IconIn this Article

Notebook IconLearn More

Get Started: Federated Authentication

Device Password Sync

Externally Managed Passwords

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case