Adding an identity provider - Google
Adding Google as an external identity provider (IdP) gives your users the option to sign on with Google when accessing your application.
Before you begin
Ensure that you have:
- A PingOne organization with an environment added. Learn more in Starting a PingOne trial.
- Added your application to PingOne. Learn more in Adding an application.
- A Google account.
Registering the application with Google
When you register your application, Google generates an app ID and app secret for the application. You’ll need these values to connect the application to PingOne.
Steps
- Go to the Google API Console.
  If you haven’t created a Google account, you can do so now.
- In the Projects list, select a project or create a new one.
- On the left, click Credentials.
- Click Create credentials, then select OAuth client ID.
  If you are prompted to configure an OAuth consent screen with information about your application, you can do that now.
- Select the appropriate application type for your project and enter the following information:
  - Name: The name of the OAuth client ID, not the display name of the application.
  - Authorized JavaScript origins: The origin URI of the client application, for use with requests from a browser.
  - Authorized redirect URIs: (Leave this value blank for now.) The path in your application that users are redirected to after they have authenticated with Google.
- Click Create.
- On the OAuth client page, copy the client ID and client secret to a secure location.
  You can always access the client ID and client secret from the Credentials page in the API Console.
Next steps
Learn more in Setting up OAuth 2.0 in Google’s API Console Help documentation.
Enabling the Google People API
You must enable the Google People API if it’s not enabled already.
Steps
- Go to the Google API Console.
- In the Projects list, select a project or create a new one.
- On the left, click Library.
- Locate the People API.
  If you need help finding the API, use the search field.
- Click Enable.
Next steps
Learn more in Enable and disable APIs in Google’s API Console Help documentation.
Adding Google as an identity provider in PingOne
Configure the IdP connection in PingOne.
Before you begin
Ensure that registration is enabled in the authentication policy. Learn more in Editing an authentication policy.
You should have the following information ready:
- Client ID
- Client secret
Steps
- In the PingOne admin console, go to Integrations > External IdPs and click .
- Click Google.
- Click Next.
- On the Add External Identity Provider page, enter the following information:
  - Name: A unique identifier for the IdP.
  - Description (optional): A brief description of the IdP.
  - Population: A population that overrides the authentication policy’s registration population and enables just-in-time registration from the IdP.
  You can’t change the Icon and Sign-on Button in accordance with the provider’s brand standards.
- Click Next.
- Configure the connection and enter the following information:
  - Client ID: The application ID that you copied earlier from the IdP. You can find this information on the Credentials page on the Google Developers site.
  - Client secret: The application secret that you copied earlier from the IdP. You can find this information on the Credentials page on the Google Developers site.
  - Callback URL: Copy the Callback URL to a secure location. You’ll provide this value to the IdP later.
- Click Next.
- Define how the PingOne user attributes are mapped to IdP attributes. Learn more in Mapping attributes.
  - Enter the PingOne user profile attribute and the external IdP attribute. Learn more about attribute syntax in Identity provider attributes.
  - To add an attribute, click Add.
  - To use the advanced expression builder, click the Gear icon. Learn more in Using the expression builder.
  - Select the update condition, which determines how PingOne updates its user directory with the values from the IdP. The options are:
    - Empty only: Update the PingOne attribute only if the existing attribute is empty.
    - Always: Always update the PingOne directory attribute.
- Click Save.
Adding the callback URL to the Google API Console
Copy the callback URL from the PingOne admin console and paste it in the Google API Console.
Steps
- In the PingOne admin console, go to Integrations > External IdPs and browse or search for the appropriate IdP.
- Click the IdP to open the details panel.
- On the Connection tab, copy the Callback URL to a secure location.
- Go to the Google API Console.
- In the Projects list, select the appropriate project.
- Click Credentials.
- In the Application list, click the appropriate application.
- In the Authorized redirect URIs section, click Add URI, and paste the value that you copied from the PingOne admin console.
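Google accepts a redirect only when it matches an authorized redirect URI exactly, so a trailing slash or a case difference in the pasted callback URL stops sign-on from completing. The following check is an added example, not code from PingOne or Google: it assumes the OAuth client's JSON has been downloaded from the Credentials page, and the function name, the sample JSON and the URLs are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of the client JSON that the Google API
# Console offers for download; every value below is a placeholder.
SAMPLE_CLIENT_JSON = json.dumps({"web": {
    "client_id": "PLACEHOLDER-ID.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER-SECRET",
    "javascript_origins": ["https://app.example.com"],
    "redirect_uris": ["https://sso.example.com/ENV-ID/callback"],
}})
# Placeholder for the Callback URL copied from the PingOne Connection tab.
SAMPLE_CALLBACK = "https://sso.example.com/ENV-ID/callback"


def check_registration(client_json, callback_url):
    """Return a list of findings; an empty list means nothing to fix."""
    web = json.loads(client_json).get("web")
    if web is None:
        return ["no 'web' section: not a web application OAuth client"]
    findings = [f"missing {k}" for k in ("client_id", "client_secret")
                if not web.get(k)]
    redirects = web.get("redirect_uris", [])
    if callback_url not in redirects:
        # Matching is an exact string comparison, so case or a trailing slash counts.
        near = [u for u in redirects
                if u.rstrip("/").lower() == callback_url.rstrip("/").lower()]
        hint = f" (near miss: {near[0]})" if near else ""
        findings.append("callback URL is not an authorized redirect URI" + hint)
    for uri in redirects:
        if urlsplit(uri).scheme != "https":
            findings.append(f"redirect URI is not https: {uri}")
        elif uri != callback_url:
            # Entries PingOne does not use are worth reviewing and pruning.
            findings.append(f"review extra redirect URI: {uri}")
    for origin in web.get("javascript_origins", []):
        parts = urlsplit(origin)
        if parts.path not in ("", "/") or parts.query or parts.fragment:
            findings.append(f"JavaScript origin is not a bare origin: {origin}")
    return findings


if __name__ == "__main__":
    for finding in check_registration(SAMPLE_CLIENT_JSON, SAMPLE_CALLBACK) or ["ok"]:
        print(finding)
```

Keep the downloaded JSON in the same secure location as the client secret, because it contains that secret.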