Configure Google Workspace as an Identity Provider

This feature is in Beta.

Integrate an existing Identity Provider (IdP) with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources. 

Prerequisites

  • You must have Admin with Billing permissions to configure an IdP. 
  • You must have a Google Cloud account with the permission to create new Google Cloud Projects.

Considerations

  • Federated authentication will be applied to all users at once.
  • Creating an IdP in JumpCloud will result in all users in the organization authenticating to supported resources (Self Service Account Provisioning, Mac ADE, local password resets, User Portal, and SSO apps) with this IdP.
  • User Portal access will be available with a federated login. If you don’t want User Portal access, you can create a policy to deny it; see Get Started: Conditional Access Policies.
  • To provision users from your Google Workspace directory to JumpCloud, configure the Google Cloud Directory Sync.

Preparing your IdP to Configure with JumpCloud

To prepare your connection:

  1. Log in to your Google Cloud Console.
  2. Next to the logo at the top, click the dropdown menu, then in the top right corner of the modal, click NEW PROJECT. Name it something associated with JumpCloud, like ‘JumpCloud OIDC’ and click SAVE.
  3. Under APIs & Services, click OAuth consent screen
  4. Click EDIT APP. On the App Information page, enter an App name*, something associated with JumpCloud, like ‘JumpCloud OIDC’
  5. In the next dropdown menu, select a User support email*.
  6. The next few sections are optional fields that you can fill out.
  7. Scroll down to Authorized domains, under Authorized domain 1*, enter jumpcloud.com
  8. Under Developer contact information, enter an Email address*
  9. Click SAVE AND CONTINUE.
  10. On the next page, you can manage the scopes. Click ADD OR REMOVE SCOPES.
  11. Select the first three scopes: email, openid, and profile.
  12. Click UPDATE
  13. Click SAVE AND CONTINUE. On the Summary page, verify the app registration is correct, then click BACK TO DASHBOARD
  14. Under APIs & Services, click Credentials > + CREATE CREDENTIALS
  15. Enter a Name*, something associated with JumpCloud, like ‘JumpCloud OIDC’.
  16. Under Authorized redirect URIs, enter https://login.jumpcloud.com/oauth/callback
  17. Under Additional Information > Client ID, copy the URL to your clipboard. 
  18. Then under Client secrets, copy the secret to your clipboard. 
  19. Click SAVE

Now you have a connection to JumpCloud in Google Cloud. Next, you’ll want to configure the connection in JumpCloud.

Configuring Google Cloud as an IdP in JumpCloud

To configure Google Cloud:

  1. Log in to your JumpCloud Admin Portal.
  2. Click DIRECTORY INTEGRATIONS > Identity Providers.
  3. Click the Add Identity Provider dropdown menu, and select Google
  4. Enter an Identity Provider Name* as a display name (e.g., Google OIDC).
  5. Under Google IdP URL*, enter https://accounts.google.com
  6. For Client ID*, paste in the first URL that you copied into your clipboard. 
  7. For Client Secret, paste in the secret that you copied into your clipboard. 
  8. Click Save
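
As an added example (not JumpCloud's or Google's code), the following Python check compares the values entered in the two procedures above against the ones this page specifies, so a mistyped issuer, an extra redirect URI, or an over-broad scope is caught before saving. The dictionary layout, the function name, the sample values, and the client ID suffix check are assumptions made for illustration.

```python
# Values the page instructs you to enter.
EXPECTED_ISSUER = "https://accounts.google.com"
EXPECTED_REDIRECT = "https://login.jumpcloud.com/oauth/callback"
EXPECTED_SCOPES = {"email", "openid", "profile"}
# Assumption: Google-issued OAuth client IDs end with this suffix.
CLIENT_ID_SUFFIX = ".apps.googleusercontent.com"


def check_idp_config(cfg):
    """Return findings for a dict of the values entered in both consoles."""
    findings = []
    if cfg.get("issuer") != EXPECTED_ISSUER:
        findings.append("issuer: must be exactly " + EXPECTED_ISSUER)

    client_id = cfg.get("client_id", "")
    if client_id != client_id.strip():
        findings.append("client_id: stray whitespace from copy/paste")
    if not client_id.strip().endswith(CLIENT_ID_SUFFIX):
        findings.append("client_id: not a Google OAuth client ID")
    if not cfg.get("client_secret", "").strip():
        findings.append("client_secret: empty")

    redirects = cfg.get("redirect_uris", [])
    if EXPECTED_REDIRECT not in redirects:
        findings.append("redirect_uris: JumpCloud callback missing")
    for uri in redirects:
        if uri != EXPECTED_REDIRECT:
            # Any extra redirect URI is another place the auth code can be sent.
            findings.append("redirect_uris: unexpected entry " + uri)

    scopes = set(cfg.get("scopes", []))
    for scope in sorted(EXPECTED_SCOPES - scopes):
        findings.append("scopes: missing " + scope)
    for scope in sorted(scopes - EXPECTED_SCOPES):
        findings.append("scopes: broader than needed, remove " + scope)
    return findings


# Constructed sample values, not real credentials.
GOOD = {"issuer": EXPECTED_ISSUER, "client_secret": "constructed-secret",
        "client_id": "1234567890-example" + CLIENT_ID_SUFFIX,
        "redirect_uris": [EXPECTED_REDIRECT], "scopes": ["email", "openid", "profile"]}
BAD = {"issuer": "https://accounts.google.com/", "client_secret": "",
       "client_id": "1234567890-example" + CLIENT_ID_SUFFIX + " ",
       "redirect_uris": ["http://login.jumpcloud.com/oauth/callback",
                         "https://login.jumpcloud.com/oauth/callback/"],
       "scopes": ["email", "profile", "https://www.googleapis.com/auth/drive.readonly"]}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_idp_config(cfg) or "ok")
```
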

Managing the IdP 

To manage the IdP:

  1. From your JumpCloud Admin Portal, click DIRECTORY INTEGRATIONS > Identity Providers.
  2. You can update the name, Google IdP URL, Client ID, and Client Secret. 
  3. Under Authentication, you’ll see that Federation is applied to your users, allowing them to authenticate with an IdP. 
  4. Under Device Account Provisioning, you can configure either Self Service Account Provisioning or Automated Device Enrollment for whichever OS you’re provisioning. The Status displays either Enabled or Disabled accordingly; click Configure to edit.
    1. See Provision New Users on Device Login and Automated Device Enrollment to learn more. 

Deleting the IdP

To delete the IdP:

  1. From your JumpCloud Admin Portal, click DIRECTORY INTEGRATIONS > Identity Providers.
  2. At the bottom of the IdP Configuration page, under Delete Identity Provider, click Delete IdP
  3. You’ll be prompted to confirm your deletion, then click Yes, Delete
