docs: update the Google Console instructions

leonace924 2026-01-05 12:42:07 -05:00
parent 85f726128a
commit bd4d09ad10

@ -11,29 +11,46 @@ You do not need to be a Google Cloud Platform user to integrate Google as an ide
## Set up Google as an identity provider
1. Log in to the Google Cloud Platform [console](https://console.cloud.google.com/). Create a new project, name the project, and select **Create**.
### 1. Create a Google Cloud project
2. On the project home page, go to **APIs & Services** and on the sidebar select **Credentials**.
1. Log in to the [Google Cloud Console](https://console.cloud.google.com/).
2. Create a new project, name the project, and select **Create**.
3. Select **Configure Consent Screen**.
### 2. Configure the OAuth consent screen
![Location to configure a Consent Screen in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/google/configure-consent-screen.png)
1. In your project, go to **APIs & Services** > **OAuth consent screen**.
4. To configure the consent screen:
1. Select **Get started**.
2. Enter an **App name** and a **User support email**.
3. Choose **External** as the Audience Type. Since this application is not being created in a Google Workspace account, any user with a Gmail address can log in.
4. Enter your **Contact Information**. Google Cloud Platform requires an email in your account.
5. Agree to Google's user data policy and select **Continue**.
6. Select **Create**.
2. If this is your first time configuring OAuth, select **Get Started**.
5. The OAuth overview page will load. On the OAuth overview screen, select **Create OAuth client**.
3. Under **App Information**:
- Enter an **App name** (for example, `Cloudflare Access`).
- Select a **User support email** where users can contact you with questions.
- Select **Next**.
![Location to create an OAuth client in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/google/create-oauth-client.png)
4. Under **Audience**:
- Choose **External** as the audience type. Since this application is not being created in a Google Workspace account, any user with a Google account can log in.
- Select **Next**.
6. Choose _Web application_ as the **Application type** and give your OAuth Client ID a name.
5. Under **Contact Information**:
- Enter an email address where Google can notify you about changes to your project.
- Select **Next**.
7. Under **Authorized JavaScript origins**, in the **URIs** field, enter your team domain:
6. Under **Finish**:
- Review the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy).
- Select **I agree to the Google API Services: User Data Policy**.
- Select **Continue**, then **Create**.
### 3. Create OAuth client credentials
1. Go to **APIs & Services** > **Credentials**.
2. Select **Create Credentials** > **OAuth client ID**.
3. For **Application type**, choose _Web application_.
4. Enter a **Name** for your OAuth client (for example, `Cloudflare Access`).
5. Under **Authorized JavaScript origins**, select **Add URI** and enter your team domain:
```txt
https://<your-team-name>.cloudflareaccess.com
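Review bot: In the **Audience** step of section 2, the bullet "Choose **External** as the audience type ... any user with a Google account can log in" does not say what narrows sign-in after that, so a reader can finish the procedure believing every Google account is meant to get through. Suggest adding a sentence or link at that bullet pointing to where access is restricted on the Cloudflare side. Separately, the new step 2 of that section uses **Get Started** while the step it replaces used **Get started**; please confirm the casing against the current console label.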
@ -41,23 +58,33 @@ You do not need to be a Google Cloud Platform user to integrate Google as an ide
<Render file="find-team-name" product="cloudflare-one" />
8. Under **Authorized redirect URIs**, in the **URIs** field, enter the following URL:
6. Under **Authorized redirect URIs**, select **Add URI** and enter:
```txt
https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback
```
9. After creating the OAuth client, select the OAuth client that you just created. Google will present the **OAuth Client ID** value and **Client secret** value. The client secret field functions like a password and should not be shared. Copy both the **OAuth Client ID** value and **Client secret** value.
7. Select **Create**.
10. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Integrations** > **Identity providers**.
8. Copy the **Client ID** and **Client secret** values. The client secret functions like a password and should be kept secure.
11. Under **Your identity providers**, select **Add new identity provider**. Choose **Google** on the next page.
:::note
Client secrets are only visible at creation time. Store them securely, as you cannot retrieve them later.
:::
12. Input the Client ID (**App ID** in the Cloudflare dashboard) and Client Secret fields generated previously.
### 4. Add Google to Cloudflare Access
13. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.
1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Integrations** > **Identity providers**.
14. Select **Save**.
2. Select **Add new identity provider**, then choose **Google**.
3. Enter the following:
- **App ID**: The Client ID from Google.
- **Client Secret**: The Client secret from Google.
4. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.
5. Select **Save**.
## Test your connection
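Review bot: The new note after step 8 of section 3 ("Client secrets are only visible at creation time ... you cannot retrieve them later") conflicts with the step it replaces, which told the reader to select the OAuth client after creating it and copy the **Client secret** from there. Please confirm which behavior the console has today and, if the note is correct, add what the reader should do when the secret is lost. Step 8 also softens "should not be shared" to "should be kept secure"; keeping the explicit wording is clearer. In step 4 of section 4, PKCE is expanded as "Proof of Key Exchange"; the name defined in RFC 7636 is Proof Key for Code Exchange, so the link text should be corrected while this line is being touched.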