Identity Enterprise SSO integration with Google

Register a Google OAuth client for use in Identity Enterprise SSO.

Prerequisites

To manage applications, you must have a Google Developer account.

Register a new OAuth client in Google Cloud

  1. Sign in to the Google Cloud Console at https://console.developers.google.com.
    • If you have multiple projects, switch to the correct project.
  2. Go to APIs & Services.
  3. Make sure you have a consent screen configured before proceeding. Check under APIs & Services > OAuth consent screen.
  4. Go to APIs & Services > Credentials, then click Create credentials and select OAuth client ID. In the Create application dialog, do the following:
    • For Application type, select Web application.
    • For Name, enter the name of the application, for example "commercetools Identity".
    • For Authorized redirect URIs, enter the Redirect URI of Identity exactly as displayed in the SSO configuration form. The value depends on the PKCE option. By default it is https://auth.identity.commercetools.com/self-service/methods/oidc/callback, because Identity forces the use of PKCE. If you select another PKCE option (auto or disable), the Redirect URI changes.
  5. Click Save.
  6. Copy the Client ID and Client Secret.
  7. The Issuer URL for Google is always: https://accounts.google.com.

PKCE: Identity enforces PKCE for security. No extra Google OAuth setting is required beyond using the Authorization Code grant.

Values to collect

You will need these when configuring Enterprise SSO in Identity:

  • Issuer URL
  • Client ID
  • Client Secret
  • Redirect URI (from the Identity SSO configuration form)

Next steps

After registering your client application, continue with the Identity Enterprise SSO initial setup.
