• Log in to the Google Admin console, and go to IAM and admin > Create a project. 

• Enter Project name, assign this project to an organisation and click CREATE. 

• After that, you will be directed to the main dashboard of your project.

• From the main dashboard of your project, go to APIs and services > Credentials. 

• Click CONFIGURE CONSENT SCREEN.

• From 0Auth consent screen > User Type, select Internal and click CREATE. 

• Enter App name, and User support email.

• Scroll down, enter Developer contact information, and click SAVE AND CONTINUE. 

• Define scopes (scopes express the permissions you request users to authorize for your app, enabling your project to access specific categories of private user data from their Google Account). Click ADD OR REMOVE SCOPES. 

• Select the highlighted API and Scope, scroll down and click UPDATE. 

• From the app registration page, scroll down and click SAVE AND CONTINUE. 

• Review the summarised version of the app registration recently created. After completing the review, scroll down and click BACK TO DASHBOARD. 

• From the main dashboard of your project, go to APIs and services > Credentials > CREATE CREDENTIALS > OAuth client ID. 

• From Application type, select Web application and enter a Name for your client ID. 

• Scroll down to the Authorised redirect URls, click + ADD URL, enter the following URL and click CREATE. 

https://login.puredome.com/oauth2/callback

• Copy the Client ID and Client secret values for later use.

• Copy the following URL (to be used as issuer URL for later use):

https://accounts.google.com 

• From Google Admin console, go to Directory > Organizational units. 

• Click Create organizational unit. 

• Enter a Name of organizational unit and click CREATE. 

• The organization name just created will be visible under all Organizational units under your Google Admin workspace. Now, we need to assign internal users to this organizational unit. 

• Go to Directory > Users, and search the name of the user you intend to assign to your organizational unit.

• On the user's interface, click CHANGE ORGANIZATIONAL UNIT. 

• Select the organizational unit we created in previous steps, and click CONTINUE. 

• From Google Admin console, go to Security > API Controls > App Access Control > Add app > OAuth App Name Or Client ID. 

• Enter the client ID previously copied, and click SEARCH. 

• The OAuth app associated with the entered client ID, which we generated earlier, should be visible.

• Select the application, check the boxes for the client IDs you want to configure, then click SELECT. 

• Assign the OAuth application to the organizational unit of your choice. Click Include organizations. 

• Search for the organizational unit to which we earlier assigned the team members and click SELECT. 

• After selecting the organizational unit, click CONTINUE. 

• Select what type of access this app should have to Google data for users in the selected organizational unit, and click CONTINUE. 

• Review the information and make any necessary adjustments if needed. Then click FINISH. 

• The integration of the app is now completed and ready for use with PureDome.

• Head over to the PureDome console on your browser, navigate to Preferences and Single Sign-On. By choosing Google you will be asked to enter four values as follows:

IDP Name: Any name you want

Client ID: Value copied from Google Admin dashboard

IDP Client Secret: Value copied from Google Admin dashboard

Issuer URL: Created in step 3. 

• After completing all the steps above, you have successfully set up an OIDC application on your Google Admin workspace with SSO enabled for PureDome.