Skip to content

Add Google login

You can add Google login to your applications using Asgardeo and enable users to log in with their Google accounts.

Follow this guide for instructions.

Register Asgardeo on Google

You need to register Asgardeo as an OAuth2.0 application on Google.

Note

For detailed instructions, you can follow the Google documentation.

  1. Go to the Google Developer console, create a new project, or select an existing project.

  2. If the APIs & services page isn't already open, do the following:

    1. Open the navigation menu and click View all products.

    View all products on the Google console

    1. Under Management, click APIs & Services.

    Select APIs & Services

  3. Go to the Credentials page, click Create Credentials, and select Oauth client ID.

    Select APIs & Services

  4. Configure your consent screen by clicking Configure Consent Screen and return to Create OAuth client ID screen once you are done.

    Note

    For more information, see User Consent

  5. Select the Web application as the application type.

  6. Provide a name for your app and the following URL as the Authorized Redirect URI of the application:

    https://api.asgardeo.io/t/{organization_name}/commonauth
    
  7. Take note of the client ID and client secret generated for the application.

Register the Google IdP

Now, let's register the Google IdP in Asgardeo.

  1. On the Asgardeo Console, go to Connections.
  2. Click New Connections and select Google.
  3. Enter the following details of the Google identity provider and click Finish:

    Add Google IDP in Asgardeo

    Parameter Description
    Name A unique name for this Google identity provider.
    Client ID The client ID obtained from Google.
    Client secret The client secret obtained from Google.

When a user logs in with an external identity provider using the same email address registered in a local account, JIT-provisioning overrides the attributes of the local account with the attributes received from the external identity provider.

Asgardeo, by default, enables Just-In-Time (JIT) user provisioning for your external identity provider.

To disable JIT-provisioning,

  1. On the Asgardeo Console, click Connections and select the relevant connection.

  2. Go to the Just-in-Time Provisioning tab of the selected connection.

  3. Check/Uncheck the Just-in-Time (JIT) User Provisioning checkbox to enable/disable it.

    enable/disable JIT user provisioning

  4. Click Update to save the changes.

Note

After the Google identity provider is created, go to the Settings tab and see the list of scopes to which Google has granted permissions.

  • email: Allows to view the user's email address.
  • openid: Allows authentication using OpenID Connect and to obtain the ID token.
  • profile: Allows to view the user's basic profile data.

Note

Asgardeo needs these scopes to get user information. Asgardeo checks the attribute configurations of the application and sends the relevant attributes received from Google to the app. You can read the Google documentation to learn more.

Enable Google login

Before you begin

You need to register an application with Asgardeo. You can register your own application or use one of the sample applications provided.

  1. On the Asgardeo Console, go to Applications.
  2. Select your application, go to the Login Flow tab and add Google login from your preferred editor:

    To add Google login using the Classic Editor:

    1. If you haven't already defined a sign-in flow, click Start with Default configuration to get started.

    2. Click Add Authentication on the step, select your Google identity provider, and click Add.

      Add Google login in Asgardeo

    To add Google login using the Visual Editor:

    1. Switch to the Visual Editor tab, by default the Username & Password login flow will be added onto the Visual Editor's workspace.

    2. Click on + Add Sign In Option to add a new authenticator to the same step and select your Google connection.

      dd Google login in Asgardeo using the Visual Editor


    Recommendations

    It is recommended to add your social and enterprise connections to the first authentication step as they are used for identifying the user.

  3. Click Update to save your changes.

Try it out

Follow the steps given below.

  1. Access the application URL.
  2. Click Login to open the Asgardeo login page.
  3. On the Asgardeo login page, Sign in with Google.

    Login with Google

  4. Log in to Google with an existing user account.

Note

When a user successfully logs in with Google for the first time, a user account is created in the Asgardeo Console with the Google username. This new user account will be managed by Google.

Configure connection

To learn more about other configurations available for the connection, refer to the add federated login documentation.