---
title: "Configuring Google SSO with OpenID Connect"
slug: "configuring-google-single-sign-on-sso-with-openid-connect"
updated: 2025-06-22T21:08:32Z
published: 2025-06-22T21:08:32Z
canonical: "documentation.encodify.com/configuring-google-single-sign-on-sso-with-openid-connect"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://documentation.encodify.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuring Google SSO with OpenID Connect

## Overview

---

This guide provides clear, step-by-step instructions with screenshots from both the Encodify system and the Google Admin Console to help you configure Google Single Sign-On (SSO) **using OpenID Connect**.

## Configuring OpenID Connect for Encodify via Google

---

### Step 1: Create a New Identity Provider in Encodify

1. Navigate to **Site Configuration → Identity Providers and Users → Identity Providers**.
2. Click **Add New IdP** to create a new provider.
3. Complete the fields as follows:
  - **Name ID**: Use only English letters with no spaces. This value will be part of the URL later.
  - **Display Name for Login Page**: Enter the name you want users to see on the login page as the label on the login button.
  - **Authentication Method**: Select **OpenID Connect**.
  - **Email Domains** (optional): Restrict login to users with email addresses from specific domains. Enter domain names separated by commas (e.g., `encode.dk, microsoft.com`).
4. Click **Next** to proceed.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750613019383.png)

### Step 2: Link the Identity Provider

1. Link your new IdP to an existing **Login URL** and **Login Page**, or create new ones. Note that each IdP can only be linked to one Login URL. For more details, refer to the **Configuration of Login URL** section.
2. Click **Next** to continue.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750613149540.png)

### Step 3: Provide Integration Details

1. Copy the **Callback URL** displayed on this page (e.g., `https://mpa.dev.encode.dk/mpa/login/oauth2/code/OidGoogle`). You will need this in the Google Cloud Console.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750613262553.png)

### Step 4: Create OAuth Credentials in Google Cloud Console

1. Switch to the [Google Cloud Console](https://console.cloud.google.com/apis/credentials).
2. Ensure the correct project is selected at the top.
3. Navigate to **APIs and Services → Credentials**.
4. Click **Create Credentials** and select **OAuth client ID**.
5. For **Application Type**, select **Web Application**.
6. Enter a name for the credential (this is only for your reference in Google Cloud Console).
7. Add the following authorised URIs:
  - **Authorized JavaScript Origins**: Enter your Encodify application domain(s), e.g., `https://mpa.dev.encode.dk`.
  - **Authorized Redirect URIs**: Paste the **Callback URL** you copied earlier, including the Name ID of your Identity Provider, e.g., `https://mpa.dev.encode.dk/mpa/login/oauth2/code/OidGoogle`.
8. Click **Create**.
9. Copy the **Client ID** and **Client Secret** from the dialog titled **OAuth client created** by clicking the copy icons.

### Step 5: Finalise IdP Configuration in Encodify

1. Return to the Encodify system.
2. In Step 3 of the IdP configuration, select **Google** as the OpenID Connect type. Note that several fields will become read-only and auto-filled:
  - OpenID Connect Config URL: `https://accounts.google.com/.well-known/openid-configuration`
  - OpenID Connect JWK URI: `https://www.googleapis.com/oauth2/v3/certs`
  - OAuth2 Authorisation URL: `https://accounts.google.com/o/oauth2/v2/auth`
  - OAuth2 Access Token URL: `https://oauth2.googleapis.com/token`
3. Fill in the following parameters using the credentials from Google Cloud Console:
  - **OAuth2 Scope**: `openid,profile,email`
  - **OAuth2 Client ID**: *(from Google Cloud Console)*
  - **OAuth2 Client Secret**: *(from Google Cloud Console)*
  - **External User ID Attribute**: `email`
  - **Mapped Attributes**: `name -&gt; Name`, `email -&gt; Email`
4. Click **Next**.

![Google.png](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/22771980083357.png)

### Step 6: Access Rights and User Group Mapping

1. These steps are **not supported** for Google IdP, as Google only exposes standard token fields like name and email, without additional attributes.
2. Click **Next** twice to proceed.

### Step 7: Default User Properties

1. Configure default user properties such as access rights or fixed attributes. For example, you might set the **Division** attribute to "Managers" for auto-provisioned users.
2. Click **Next**.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750613680688.png)

### Step 8: Default User Groups

1. Assign default user groups that will be applied to new users upon login with auto-provisioning.
2. Click **Next**.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750613747659.png)

### Step 9: Welcome Email and First Login Message

1. Optionally enable a **Welcome Email** and a **First Login Message**.
2. New users logging in for the first time will receive the email and see a welcome modal.
3. Click **Save IdP** to finalise the configuration.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750613783933.png)

## Verifying the New Identity Provider

1. After saving, the new Identity Provider will appear in the list of Identity Providers.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750613917649.png)

## Logging into Encodify Using Google SSO

If this new IdP is the only authentication method for the configured login URL, users will be automatically authenticated when accessing the URL. If multiple providers, including "Internal," are configured, the login page will display a button for signing in with the new IdP (e.g., "Sign in with Google SSO").

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750613980240.png)