[[_google]]
==== Google

.Procedure
. Click *Identity Providers* in the menu.
. From the `Add provider` list, select `Google`.
+
.Add Identity Provider
image:{project_images}/google-add-identity-provider.png[Add Identity Provider]
+
. In a separate browser tab, https://support.google.com/googleapi/answer/6251787[create a google project].
. In the Google dashboard for your Google app, click the *OAuth consent screen* menu. Create a consent screen, ensuring that the user type of the consent screen is external.
. In the Google dashboard:
.. Click the *Credentials* menu. 
.. Click *CREATE CREDENTIALS* - *OAuth Client ID*.
.. From the *Application type* list, select *Web application*.
.. Click *Create*.
.. Note *Your Client ID* and *Your Client Secret*.
. In {project_name}, paste the value of the *Your Client ID* into the *Client ID* field.
. In {project_name}, paste the value of the *Your Client Secret* into the *Client Secret* field.
. Enter the required scopes into the *Default Scopes* field. By default, {project_name} uses the following scopes: `openid` `profile` `email`. See the https://developers.google.com/oauthplayground/[OAuth Playground] for a list of Google scopes.
. To restrict access to your GSuite organization's members only, enter the G Suite domain into the `Hosted Domain` field.
. Click *Save*.