Configure Google Workspace - OpenID Connect

Before you begin

Retrieve the ClientID and Client Secret from Entra ID.

About this task

Use this task to configure your identity provider (IdP) using Google Workspace - OpenID Connect.

Procedure

  1. Select Onboarding.
    The welcome window displays.
  2. Select Secure Hybrid Access [Secure Application Access or Secure Network Access].
    The Secure Provider window displays with ExtremeCloud Universal ZTNA.
  3. Select Next.
    The Onboarding window displays.
  4. Select OpenID Connect from the Single Sign-On Method drop-down list.
  5. Follow the instructions under Setup Redirect URI.
  6. Enter the ClientID.
  7. Enter the Client Secret.
    Note

    Redirect URLs are on the IdP setup page on the Universal ZTNA UI. You can copy and update redirect URLs in Google Workspace. In Google Workspace, specify the following URLs under the URI section. These URLs redirect the user to the Google Workspace portal after a successful authorization by Google Workspace during log-in and sign-up.
    • https://<server URL>/auth/api/v1/accounts/google/login/callback/
    • https://<server URL>/auth/api/v1/accounts/invite/google/signup/callback/
  8. (Optional) Select All Domains or Custom and enter the domain.
    If you select Custom, fill in the approved domains. This setting applies to both network and application access.
  9. (Optional) Select Secure Network Access.
    Note

    This option uses Secure LDAP with Google Workspace to enable secure network access in Universal ZTNA.
    1. Follow the instructions on the UI.
    2. Upload the certificate.
  10. Select Validate Information.
    A message in the upper right corner confirms the validation test passed.
  11. Select Update.
    The Update Identity Provider pop-up window displays. This message cautions you that the Identity Provider change logs out current users.
  12. If you decide to continue, select Confirm.
  13. Select Next.
    The Onboarding - Access Groups window displays.
  14. Configure Access Groups.
  15. Configure Resources.
  16. Configure Applications and Application Groups.
    You can skip this step if you are using Secure Network Access.
  17. Configure Policies.

Results

Your onboarding is complete. Your users, applications, and devices can now access the network securely.
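
Example: checking the registered redirect URIs

Google compares redirect URIs exactly, so a dropped trailing slash or a leftover test URI on the OAuth client is worth catching before you select Validate Information. The following check is an added example, not Extreme Networks code; it assumes you have the OAuth client's JSON export with a `web.redirect_uris` list, and the host `ztna.example.com` and all sample values are constructed.

```python
import json
from urllib.parse import urlsplit

# Callback paths from the redirect URL note in step 7 of this page.
CALLBACK_PATHS = (
    "/auth/api/v1/accounts/google/login/callback/",
    "/auth/api/v1/accounts/invite/google/signup/callback/",
)

def expected_redirect_uris(server_host):
    """Build the two exact redirect URIs for a Universal ZTNA server host."""
    return [f"https://{server_host}{path}" for path in CALLBACK_PATHS]

def _loose(uri):
    """Host and path only: ignores scheme, port, host case, trailing slash."""
    parts = urlsplit(uri)
    return (parts.hostname or "").lower(), parts.path.rstrip("/")

def check_redirect_uris(client_json, server_host):
    """Return (kind, registered_or_expected_uri, expected_uri) findings."""
    registered = json.loads(client_json)["web"].get("redirect_uris", [])
    expected = expected_redirect_uris(server_host)
    findings = []
    for uri in registered:
        if uri in expected:
            continue
        close = [e for e in expected if _loose(e) == _loose(uri)]
        # A near match still fails exact comparison at log-in time.
        findings.append(("mismatch", uri, close[0]) if close
                        else ("unexpected", uri, None))
    loosely_present = {_loose(r) for r in registered}
    for uri in expected:
        if uri not in registered and _loose(uri) not in loosely_present:
            findings.append(("missing", uri, None))
    return findings

# Constructed sample export: host, client_id and URIs are made up.
SAMPLE_CLIENT_JSON = json.dumps({"web": {
    "client_id": "constructed-id.apps.googleusercontent.com",
    "redirect_uris": [
        "https://ztna.example.com/auth/api/v1/accounts/google/login/callback/",
        "https://ztna.example.com/auth/api/v1/accounts/invite/google/signup/callback",
        "http://localhost:8080/callback",
    ],
}})

if __name__ == "__main__":
    for finding in check_redirect_uris(SAMPLE_CLIENT_JSON, "ztna.example.com"):
        print(finding)
```

An empty result means both callbacks are registered exactly as listed and nothing else is; treat any "unexpected" entry as a URI to remove from the client.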