• Log in to the Google Admin console, and go to IAM and admin > Create a project. 

• Enter Project name, assign this project to an organisation and click CREATE. 

• After that, you will be directed to the main dashboard of your project.

• From the main dashboard of your project, go to APIs and services > Credentials. 

• You're now on the OAuth overview dashboard. Click the blue Get started button in the middle.

• You're now on the App Information step of the OAuth consent screen configuration. Enter a name that clearly identifies the app, and select the email users should contact for any OAuth-related queries.

• You're now on the Audience step of the OAuth consent screen setup. Select Internal. 

• Enter a valid developer contact email so Google can reach you for alerts or app-related issues. Tick the checkbox to agree to the Google API services user data policy and click Create to complete the OAuth consent screen setup.

• On the OAuth overview screen, click the Create OAuth client button to begin setting up your OAuth 2.0 credentials for the app. 

• On the Create OAuth client ID screen, select Web application as the Application type, and enter a name (e.g., PureDome OIDC Integration) 

• Scroll down to the Authorised redirect URIs section, enter the following callback URL and then click the Create button to generate your OAuth client ID. 

https://login.puredome.com/oauth2/callback

• Copy the Client ID and Client secret values for later use.

• Copy the following URL (to be used as issuer URL for later use):

https://accounts.google.com 

• From Google Admin console, go to Directory > Organizational units. 

• Click Create organizational unit. 

• Enter a Name of organizational unit and click CREATE. 

• The organization name just created will be visible under all Organizational units under your Google Admin workspace. Now, we need to assign internal users to this organizational unit. 

• Go to Directory > Users, and search the name of the user you intend to assign to your organizational unit.

• On the user's interface, click CHANGE ORGANIZATIONAL UNIT. 

• Select the organizational unit we created in previous steps, and click CONTINUE. 

• From Google Admin console, go to Security > API Controls > App Access Control > Add app > OAuth App Name Or Client ID. 

• Enter the client ID previously copied, and click SEARCH. 

• The OAuth app associated with the entered client ID, which we generated earlier, should be visible.

• Select the application, check the boxes for the client IDs you want to configure, then click SELECT. 

• Assign the OAuth application to the organizational unit of your choice. Click Include organizations. 

• Search for the organizational unit to which we earlier assigned the team members and click SELECT. 

• After selecting the organizational unit, click CONTINUE. 

• Select what type of access this app should have to Google data for users in the selected organizational unit, and click CONTINUE. 

• Review the information and make any necessary adjustments if needed. Then click FINISH. 

• The integration of the app is now completed and ready for use with PureDome.

• Head over to the PureDome console on your browser, navigate to Preferences and Single Sign-On. By choosing Google you will be asked to enter four values as follows:

IDP Name: Any name you want

Client ID: Value copied from Google Admin dashboard

IDP Client Secret: Value copied from Google Admin dashboard

Issuer URL: Created in step 3. 

• After completing all the steps above, you have successfully set up an OIDC application on your Google Admin workspace with SSO enabled for PureDome.