Connect to the identity provider
There are two options to authenticate users via the identity provider (IdP), as described in the Google documentation "Choose how to connect to your IdP for CSE":
- Via a .well-known file,
- Via the Google Workspace administration console.
Use the .well-known file option whenever possible.
Place a .well-known/cse-configuration file on your company's public website, at the domain root. This file identifies the IdP used and provides your external users with your IdP parameters.
For the Google identity provider, the file content is as follows:
{
  "name": "https://accounts.google.com",
  "client_id": "37*********",
  "discovery_uri": "https://accounts.google.com/.well-known/openid-configuration"
}
For more information, go to the Using remote authentication section of the Administration guide of the SDS encryption service for Google Workspace.
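A pre-publication check for the cse-configuration file described above, given as an added example that is not part of the original documentation. It verifies that the body parses as JSON, carries the three fields shown on this page, and points at an HTTPS OpenID Connect discovery document; the function name, the sample bodies and the client ID placeholder are constructed for illustration.

```python
import json
from urllib.parse import urlparse

REQUIRED_KEYS = ("name", "client_id", "discovery_uri")  # the fields shown on this page

# Constructed sample bodies; CLIENT_ID_PLACEHOLDER stands in for a real OAuth client ID.
GOOD = (
    '{"name": "Example IdP", "client_id": "CLIENT_ID_PLACEHOLDER", '
    '"discovery_uri": "https://accounts.google.com/.well-known/openid-configuration"}'
)
UNQUOTED_NAME = '{"name": https://accounts.google.com "client_id": "CLIENT_ID_PLACEHOLDER"}'
PLAIN_HTTP = GOOD.replace("https://", "http://")


def check_cse_configuration(text):
    """Return a list of problems found in a cse-configuration file body."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}, column {exc.colno}): {exc.msg}"]
    if not isinstance(config, dict):
        return ["top-level value must be a JSON object"]

    problems = []
    for key in REQUIRED_KEYS:
        value = config.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"'{key}' is missing or not a non-empty string")

    uri = config.get("discovery_uri")
    if isinstance(uri, str) and uri.strip():
        parsed = urlparse(uri)
        if parsed.scheme != "https" or not parsed.hostname:
            # Clients fetch IdP endpoints and signing keys through this URL.
            problems.append("'discovery_uri' must be an absolute https:// URL")
        elif not parsed.path.endswith("/.well-known/openid-configuration"):
            # Assumption: the IdP uses the standard OIDC discovery path.
            problems.append("'discovery_uri' is not an OIDC discovery document path")
    return problems


if __name__ == "__main__":
    for label, body in (("good", GOOD), ("unquoted name", UNQUOTED_NAME), ("http", PLAIN_HTTP)):
        print(label, "->", check_cse_configuration(body) or "OK")
```

Run it against the file body before publishing it, and again after any change to the IdP parameters.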
- Log into the Google administration console as a super-administrator.
- Choose the Security > Access and data control > Client side encryption menu.
- Configure the identity provider by entering the information relative to your IdP:
  - Name: Name of your choice,
  - Client ID: OAuth client ID you created in your Google Cloud Platform project,
  - Discovery URI: For Google Identity, it is https://accounts.google.com/.well-known/openid-configuration.