Google Workspace (formerly known as G Suite)
This guide covers the basics of setting up Pomerium to use GCP and Google Workspace / G Suite as your identity provider.
Google changes their configuration screens frequently. Please refer to Google's documentation for authoritative instructions.
Setting up OAuth 2.0
You need OAuth 2.0 credentials, including a client ID and client secret, to authenticate users.
Create OAuth 2.0
Log in to your Google account and go to APIs & services.
Navigate to Credentials using the left-hand menu. If you're not already in a project, you can select one here.
On the Credentials page, click Create credentials and choose OAuth Client ID.
Caution: If you don't currently have an OAuth consent page configured, Google will not allow you to create credentials until this is completed. Please follow Google's instructions for doing so.
For the Application type choose Web application.
Give the client ID a Name, and add an Authorized redirect URI. The redirect URI format is https://${authenticate_service_url}/oauth2/callback (e.g. https://authenticate.localhost.pomerium.io/oauth2/callback). Click Create once complete.
The Google Cloud Console will display your Client ID and Client Secret. Temporarily save these values to import into Pomerium later.
Configure Pomerium
Edit config.yaml or set your environment variables to connect Pomerium to Google:
config.yaml:
idp-provider: "google"
idp-client-id: "yyyy.apps.googleusercontent.com"
idp-client-secret: "xxxxxx"
Environment variables:
IDP_PROVIDER="google"
IDP_CLIENT_ID="yyyy.apps.googleusercontent.com"
IDP_CLIENT_SECRET="xxxxxx"
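A preflight check for the settings above, as an added example that is not part of the Pomerium documentation: it derives the Authorized redirect URI from the authenticate service URL and flags IDP_* values that are missing or still the sample values. The function names are hypothetical, and it assumes the authenticate service URL is given as a full https:// URL and that client IDs keep the .apps.googleusercontent.com suffix shown above.

```python
import os
import sys
from urllib.parse import urlsplit

CALLBACK_PATH = "/oauth2/callback"  # path from the redirect URI format in this guide
# Sample values printed in this guide; they must never reach a real deployment.
PLACEHOLDERS = {"xxxxxx", "yyyy.apps.googleusercontent.com"}


def redirect_uri(authenticate_service_url):
    """Build the Authorized redirect URI to register in the Google Cloud Console."""
    parts = urlsplit(authenticate_service_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("authenticate service URL must be an https:// URL with a host")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("authenticate service URL must not carry a path, query or fragment")
    return f"https://{parts.netloc}{CALLBACK_PATH}"


def check_google_idp(env):
    """Return a list of problems found in the IDP_* settings (empty list means OK)."""
    problems = []
    if env.get("IDP_PROVIDER") != "google":
        problems.append("IDP_PROVIDER must be 'google'")
    client_id = env.get("IDP_CLIENT_ID", "")
    # Assumption: client IDs follow the <id>.apps.googleusercontent.com shape shown above.
    if not client_id.endswith(".apps.googleusercontent.com") or client_id in PLACEHOLDERS:
        problems.append("IDP_CLIENT_ID is missing, malformed or still the sample value")
    secret = env.get("IDP_CLIENT_SECRET", "")
    if not secret or secret in PLACEHOLDERS or secret != secret.strip():
        problems.append("IDP_CLIENT_SECRET is empty, padded or still the sample value")
    return problems


if __name__ == "__main__":
    # Usage: python check_idp.py https://authenticate.localhost.pomerium.io
    url = sys.argv[1] if len(sys.argv) > 1 else "https://authenticate.localhost.pomerium.io"
    print("Register this redirect URI:", redirect_uri(url))
    found = check_google_idp(os.environ)  # reads the IDP_* variables set for Pomerium
    for problem in found:
        print("problem:", problem)
    sys.exit(1 if found else 0)
```
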