Configure Google Authentication Source
Google authentication login allows users to securely log in to third-party applications or websites using Google as the authentication source. To facilitate enterprise user authentication login, the IDaaS platform supports configuring Google as an authentication source. Users can authenticate and log in to various application systems through Google, bringing enterprise users a simpler and more convenient login method and better user experience. This feature is currently only supported in 2C scenarios.
This guide explains the related operations for configuring a Google authentication source.
Prerequisites
- Administrator permissions for the Google Cloud Platform.
- Administrator permissions for the IDaaS Enterprise Center.
Procedure
Apply for Google OAuth2 Credentials
Log in to the Google Cloud Platform, log in to the Google account, access APIs & Services, create or select your project, and choose the Credentials menu.

For Create credentials, select OAuth client ID, select Web application as the application type, fill in the name, and the authorized redirect URI can be filled in later after creating the corresponding Google authentication source in the IDaaS platform. After configuration, click Create.
After creation, obtain the client ID and client secret.
Configure Google Authentication Source in IDaaS
Log in to the IDaaS Enterprise Center, choose Authentication > Authentication Source Management from the top navigation bar, enter the Google authentication source page, and click Add Authentication Source.

Configure the Google authentication source parameters as prompted. Key parameters are described below.

TIP
When User Not Associated: When the authentication source attributes of the user information returned by the Google platform do not match the associated user attributes in IDaaS, and no system user is associated, the optional configurations are as follows.
- Login and Register: When no user is associated, enter the SMS verification code, and the user can be directly registered and pass authentication and log in.
- Bind Existing User: When no user is associated, the page redirects to the corresponding verification page through the set binding method. After entering the SMS verification code or password verification successfully, the corresponding existing user can be bound.
Obtain the callback address generated by the Google authentication source (example:
https://xxx.bccastle.com/api/v1/login/google), return to the Google Cloud Platform APIs & Services, choose Credentials, edit the created OAuth 2.0 client, and fill in the callback address in Authorized redirect URIs.