Google Cloud SSO Configuration User Guide

Learn how to configure Google Cloud SSO with external IdP using OIDC for AWS Cognito.

Trevor Sullivan
Aug 22, 2024

Table of Contents

Need additional support?

Subscribe

StratusGrid logo above the text 'Google Cloud SSO Configuration User Guide' on a dark background
Google Cloud SSO Configuration User Guide
2:28

External IdP Configuration Guide Overview (OIDC)

In order to configure an external OIDC provider for an AWS Cognito user-pool, there must be an exchange of information between both the app (Stratusphere) and the customer organization's system administrator.

Stratusphere will provide these to the system administrator:

  • Authorized JavaScript origins
  • Authorized redirect URIs
  • Application Logo (optional)

The system administrator must configure their SSO Provider with a new Application representing Stratusphere (and the above values). They must then provide the following (from the SSO Provider's newly registered application) to Stratusphere:

  • Domain/Issuer URL - https://accounts.google.com
  • Client ID
  • Client Secret

Note: Each different SSO Identity Provider (Auth0, MS Azure Entra ID, etc) has different configuration screens/steps. This guide is specific to Google Cloud.

Note: SAML-required fields are different from those required to configure OIDC IdPs. This guide is specific to OIDC configurations.

Customer System Administrator - Google Cloud Configuration (OIDC)

Steps for the Customer's System Administrator:

1. For creating an OIDC Client Application in Google Cloud representing Stratusphere:

2. After a customer's system administrator creates the OIDC Client Application in Google Cloud, in the Application Settings, they must send us the following from "Basic Information" (for use in Stratusphere's AWS Cognito configuration):

  • Domain/Issuer URL - https://accounts.google.com
  • Client ID
  • Client Secret

Finalize Configuration and Test

Once the Application registration has been created and the secret has been configured in the Google Cloud portal, please reach out to support at support@stratusphere.app. We will set up a 15min call to finish configuration and test the integration.

Please be prepared to provide the following values (from above) to the Stratusphere support team during the call (none of these values will be stored outside of the secure storage in the production SSO service):

  • Domain/Issuer URL - https://accounts.google.com
  • Client ID
  • Client Secret

Similar posts