Configure Google Workspace as an Identity Provider

Integrate an existing Identity Provider (IdP) with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources. 

Prerequisites

  • You need to have a Google Cloud account with the permission to create new Google Cloud Projects.
  • You need to have Admin with Billing permissions to configure an IdP.

Considerations

Preparing your IdP to Configure with JumpCloud

To prepare your connection:

  1. Log in to your Google Cloud Console.
  2. Next to the logo in the top left corner, click the dropdown menu, then in the top right corner of the modal, click NEW PROJECT. Name it something associated with JumpCloud, like ‘JumpCloud OIDC’ and click CREATE.
  3. Navigate to APIs & Services, then in the left menu, click OAuth consent screen.
  4. Under User Type, select Internal, then click CREATE.
  5. On the App Information page, enter an App name*, something associated with JumpCloud, like ‘JumpCloud OIDC’.
  6. In the next dropdown menu, select a User support email*.
  7. The sections App logo and App domain are optional fields.
  8. Scroll down to Authorized domains, under Authorized domain 1*, enter jumpcloud.com.
  9. Under Developer contact information, enter an Email address*.
  10. Click SAVE AND CONTINUE.
  11. On the next page, you can manage the scopes. Click ADD OR REMOVE SCOPES.
  12. Select the first three scopes: email, openID, and profile.
  13. Click UPDATE.
  14. On the Scopes page, click SAVE AND CONTINUE.
  15. On the Summary page, verify the app registration is correct, then click BACK TO DASHBOARD.
  16. Under APIs & Services, click Credentials > + CREATE CREDENTIALS, and select OAuth client ID from the dropdown menu.
  17. On the next page, click the Application type* dropdown menu and select Web application.
  18. Then, enter a Name*, something associated with JumpCloud, like ‘JumpCloud OIDC’.
  19. Under Authorized redirect URIs, enter https://login.jumpcloud.com/oauth/callback
  20. Click CREATE.
  21. You’ll get a successful OAuth client created modal with the Client ID, Client secret, Creation date, and Status.
  22. Copy the Client ID and Client secret to your clipboard. You’ll need these to configure Google Cloud in JumpCloud. Then click OK to exit out of the modal.

Now, you have a connection to JumpCloud in Google Cloud. Next, you’ll want to configure the connection in JumpCloud.
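As an added check that is not part of JumpCloud's or Google's documentation, the following Python script audits an OAuth client definition against the values entered in the steps above, flagging any redirect URI other than the JumpCloud callback. It assumes the client was exported as JSON in Google's client-secret layout; the IDs, secret, and extra redirect URI in the sample are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Value taken from the "Authorized redirect URIs" step above.
EXPECTED_REDIRECT = "https://login.jumpcloud.com/oauth/callback"

# Constructed sample in the layout of an exported OAuth client JSON file.
# The IDs and secret are placeholders, and the second redirect URI is a
# deliberate misconfiguration for the audit to catch.
SAMPLE = json.dumps({"web": {
    "client_id": "000000000000-example.apps.googleusercontent.com",
    "project_id": "jumpcloud-oidc-example",
    "client_secret": "PLACEHOLDER-SECRET",
    "redirect_uris": [EXPECTED_REDIRECT, "http://localhost:8080/callback"],
}})


def audit_client(raw: str) -> list[str]:
    """Return findings for an exported OAuth client; an empty list means clean."""
    doc = json.loads(raw)
    findings = []
    if "web" not in doc:
        # The steps select "Web application"; other types use another top-level key.
        return [f"application type is {sorted(doc)} rather than 'web'"]
    client = doc["web"]
    uris = client.get("redirect_uris", [])
    if EXPECTED_REDIRECT not in uris:
        findings.append("JumpCloud callback is missing from redirect_uris")
    for uri in uris:
        if uri == EXPECTED_REDIRECT:
            continue
        # Any additional URI is another place authorization codes can be sent.
        parts = urlsplit(uri)
        detail = "non-HTTPS " if parts.scheme != "https" else ""
        findings.append(f"unexpected {detail}redirect URI: {uri}")
    for field in ("client_id", "client_secret"):
        if not client.get(field):
            findings.append(f"{field} is empty or absent")
    return findings


if __name__ == "__main__":
    for line in audit_client(SAMPLE) or ["no findings"]:
        print(line)
```
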

Configuring Google Cloud as an IdP in JumpCloud

To configure Google Cloud:

  1. Log in to your JumpCloud Admin Portal.
  2. Click DIRECTORY INTEGRATIONS > Identity Providers.
  3. Click the Add Identity Provider dropdown menu, and select Google.
  4. Enter an Identity Provider Name* as a display name (e.g. Google OIDC).
  5. Under Google IdP URL*, enter https://accounts.google.com
  6. For Client ID*, paste in the Client ID that you copied into your clipboard.
  7. For Client Secret, paste in the secret that you copied into your clipboard.
  8. Click Save.

Managing the IdP 

To manage the IdP:

  1. From your JumpCloud Admin Portal, click DIRECTORY INTEGRATIONS > Identity Providers.
  2. You can update the name, Google IdP URL, Client ID, and Client Secret. 
  3. Under Authentication, you’ll see that Federation is applied to your users, allowing them to authenticate with an IdP. 
  4. Under Device Account Provisioning, you can configure either Self Service Account Provisioning or Automated Device Enrollment for whichever OS you’re provisioning. The Status displays either Enabled or Disabled accordingly. Click Configure to edit.

Deleting the IdP

To delete the IdP:

  1. From your JumpCloud Admin Portal, click DIRECTORY INTEGRATIONS > Identity Providers.
  2. At the bottom of the IdP Configuration page, under Delete Identity Provider, click Delete IdP.
  3. You’ll be prompted to confirm your deletion, then click Yes, Delete.

Additional Resources:

Walk through a guided simulation for Configuring Google Workspace as an Identity Provider
