[[_google]]
==== Google

.Procedure
. Click *Identity Providers* in the menu.
. From the `Add provider` list, select `Google`.
+
.Add identity provider
image:images/google-add-identity-provider.png[Add Identity Provider]
+
. Copy the value of *Redirect URI* to your clipboard.
. In a separate browser tab open https://console.cloud.google.com/[the Google Cloud Platform console].
. In the Google dashboard for your Google app, in the Navigation menu on the left side, hover over *APIs & Services* and then click on the *OAuth consent screen* option. Create a consent screen, ensuring that the user type of the consent screen is *External*.
. In the Google dashboard:
.. Click the *Credentials* menu.
.. Click *CREATE CREDENTIALS* - *OAuth Client ID*.
.. From the *Application type* list, select *Web application*.
.. Use the *Redirect URI* in your clipboard as the *Authorized redirect URIs*
.. Click *Create*.
.. Note `Your Client ID` and `Your Client secret`.
. In {project_name}, paste the value of the `Your Client ID` into the *Client ID* field.
. In {project_name}, paste the value of the `Your Client secret` into the *Client Secret* field.
. Click *Add*
. Enter the required scopes into the *Default Scopes* field. By default, {project_name} uses the following scopes: `openid` `profile` `email`. See the https://developers.google.com/oauthplayground/[OAuth Playground] for a list of Google scopes.
. To restrict access to your GSuite organization's members only, enter the G Suite domain into the `Hosted Domain` field.
. Click *Save*.