Set up Google Workspace with OpenID Connect

About this task

Use this task to set up Google Workspace with OpenID Connect (OIDC) in Google Cloud (GCP) as an identity provider for Universal ZTNA.

Procedure

  1. Log into Google Cloud using https://console.cloud.google.com.
  2. To create a new project:
    1. From the drop-down menu at the top of the screen, select NEW PROJECT.
    2. Enter a name in the Project Name field and select CREATE.
    3. Select the newly created Project and under the Quick Access menu, select APIs & Services.
    4. Go to OAuth consent screen.
    5. Under User Types, select the Internal radio button and select CREATE.
    6. In the App Information section, enter the App Name and select a User support email from the drop-down list.
    7. In the Developer contact information section, enter an email address and select SAVE AND CONTINUE.
    8. On the Scopes screen, make no updates and select SAVE AND CONTINUE.
    9. On the Summary screen, to complete the configuration, select BACK TO DASHBOARD.
  3. To create new API credentials:
    1. Go to Credentials, and select CREATE CREDENTIALS.
    2. Select OAuth client ID from the available options.
    3. On the Create OAuth client ID screen, select Web application from the Application type drop-down list, and enter a name for the OAuth client.
    4. From the Universal ZTNA Identity Provider screen, copy the two Redirect URIs from the Set up Redirect URIs section and enter them in the Authorized redirect URIs section of the OAuth client. Each URI must match exactly (scheme, host, port and path); Google rejects sign-in requests whose redirect_uri differs from a registered entry.
    5. Select CREATE.
      The system displays an OAuth client created dialog.
    6. Copy the Client ID and Client secret to use in Universal ZTNA. Handle the Client secret as a credential: store it only in Universal ZTNA and rotate it from the Credentials page if it is exposed.
    7. On the Universal ZTNA IDP Configuration screen, in the Setup Extreme Cloud ZTNA section, enter in the saved Client ID and Client Secret.
    8. Select Validate Information to confirm that the Client ID and Client Secret are valid.
    9. Once the information is successfully validated, select Update to apply the integration.
      OIDC alone only signs users in. To let the integration look up and authenticate users against the Google Workspace directory, you must also add a Secure LDAP client in Google Workspace.
  4. To add a secure LDAP configuration to Google:
    1. Log into the Google Workspace admin portal.
    2. Go to APPS > LDAP.
    3. Select ADD CLIENT.
      The system displays the Client Details page.
    4. Enter the LDAP client name and select CONTINUE.
      The system displays the Access Permissions page.
    5. Under Verify user credentials, select the Entire domain option.
    6. Under Read user information, select the Entire domain option.
    7. Select ADD LDAP CLIENT.
    8. Once the certificate is generated, select Download certificate and save it for use in Universal ZTNA.
    9. Select CONTINUE TO CLIENT DETAILS.
    10. By default, the LDAP client is not enabled. Under Service Status, select the drop-down option.
      The system displays the Service Status screen.
    11. To enable the LDAP client, select the ON for everyone option and select SAVE.
    12. On the Identity Provider page in Universal ZTNA, select the Secure Access to Networks check box and upload the previously saved certificate bundle (zip file).
    13. Select Validate Information.
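The OAuth client created in step 3 is what Universal ZTNA presents to Google when it signs a user in. The following is an added example, not code from Universal ZTNA or from Google's documentation, showing the relying-party side of that configuration: building the authorization request so that the redirect_uri matches a registered entry exactly, and checking the claims of the returned id_token (issuer, audience equal to the Client ID, expiry, nonce, and the hd claim equal to the Workspace domain). The Client ID, redirect URI and domain are placeholders; substitute the values from steps 3.4 and 3.6. Signature verification against the keys at Google's jwks_uri must happen before any claim is trusted; a library (here, Universal ZTNA) does that, and the sample token below is constructed with a dummy signature purely to exercise the claim checks offline.

```python
"""Added example: relying-party checks matching the OAuth client configured above.
Not part of the Universal ZTNA product or the Google documentation.
CLIENT_ID, REDIRECT_URI and HOSTED_DOMAIN are placeholders (assumptions)."""
import base64
import hashlib
import json
import time
from urllib.parse import urlencode

GOOGLE_ISSUERS = ("https://accounts.google.com", "accounts.google.com")
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

# Placeholders: the Client ID from step 3.6, one of the two redirect URIs
# copied from the Universal ZTNA Identity Provider screen, and the Workspace
# primary domain.
CLIENT_ID = "000000000000-example.apps.googleusercontent.com"
REDIRECT_URI = "https://ztna.example.com/oidc/callback"
HOSTED_DOMAIN = "example.com"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pkce_challenge(code_verifier: str) -> str:
    """S256 code challenge derived from the client-held verifier."""
    return b64url_encode(hashlib.sha256(code_verifier.encode()).digest())


def build_authorization_request(state: str, nonce: str, code_verifier: str) -> str:
    """Authorization Code + PKCE request. redirect_uri must match, byte for byte,
    an entry under Authorized redirect URIs, or Google answers redirect_uri_mismatch."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid email profile",
        "state": state,             # CSRF binding for the callback
        "nonce": nonce,             # replay binding, echoed back in the id_token
        "hd": HOSTED_DOMAIN,        # UI hint only; enforced again on the id_token below
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params)


def decode_jwt_payload(id_token: str) -> dict:
    """Split a compact JWT and return its claims. Does NOT verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "RS256":          # Google signs id_tokens with RS256
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    return json.loads(b64url_decode(parts[1]))


def validate_id_token_claims(claims: dict, expected_nonce: str, now=None) -> str:
    """Return the verified e-mail address, or raise ValueError on any failed check.
    Precondition: the token's RS256 signature was already verified against the
    key set published at Google's jwks_uri."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("iss is not Google")
    aud = claims.get("aud")
    if isinstance(aud, list):                 # multiple audiences: azp must be us
        if CLIENT_ID not in aud or claims.get("azp") != CLIENT_ID:
            raise ValueError("aud/azp do not match our Client ID")
    elif aud != CLIENT_ID:
        raise ValueError("aud does not match our Client ID")
    if float(claims.get("exp", 0)) <= now:
        raise ValueError("id_token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    # The Internal consent screen limits who can sign in, but the relying party
    # still checks hd so a token from another Google account is never accepted.
    if claims.get("hd") != HOSTED_DOMAIN:
        raise ValueError("hd claim is not our Workspace domain")
    if claims.get("email_verified") is not True or not claims.get("email"):
        raise ValueError("e-mail not verified by Google")
    return claims["email"]


def make_unsigned_test_token(claims: dict) -> str:
    """Constructed sample only: real header and payload with a dummy signature
    segment, so the claim checks can be exercised offline."""
    header = b64url_encode(json.dumps({"alg": "RS256", "kid": "test", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url_encode(b'not-a-real-signature')}"


if __name__ == "__main__":
    print(build_authorization_request("state123", "nonce456", "v" * 43))
    sample = make_unsigned_test_token({
        "iss": "https://accounts.google.com", "aud": CLIENT_ID, "sub": "1",
        "iat": 1000, "exp": 2000, "nonce": "nonce456", "hd": HOSTED_DOMAIN,
        "email": "alice@example.com", "email_verified": True})
    print(validate_id_token_claims(decode_jwt_payload(sample), "nonce456", now=1500))
```

The hd check is the one most often skipped: restricting the consent screen to Internal users does not, by itself, guarantee that every id_token your application accepts belongs to your Workspace domain, so the relying party verifies the claim as well.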