# Single sign-on: authentication login using Google Cloud

> Authentication and login configuration options for securing access to your Manifest domain.

## About 

Single sign-on (SSO) is a type of authentication in which a user logs in to one system and is automatically granted access to other services. It is often used within enterprise environments (and with services such as Manifest) where employees access numerous apps and services daily. Rather than having an employee create a separate set of credentials for every application they use, SSO allows a single login to authenticate to many services using an OpenID platform.

There are several different OpenID providers.  We have included a link below.  In this article, however, we outline how to set up SSO authentication using Google Cloud.  

## Prerequisites 

* A Google account 
* A Manifest role of either Administrator or Security Administrator (required)

## Setting up Google Cloud 

* Go to: [https://console.cloud.google.com/apis/credentials](https://console.cloud.google.com/apis/credentials) 
* Log into the Google account 
* Select **“+ Create Credentials”** 

<img src="https://mintcdn.com/taqtile/QLhQjvOmtl9vsSFI/images/GoogleConsole_CreateCredentials-1024x152.png?fit=max&auto=format&n=QLhQjvOmtl9vsSFI&q=85&s=c467906d39863a63b2328b30715675b2" alt="Google Console Create Credentials" width="1024" height="152" data-path="images/GoogleConsole_CreateCredentials-1024x152.png" />

* From the dropdown, select **“OAuth client ID”** 

<img src="https://mintcdn.com/taqtile/zGlN2SSJo3bfoUUU/images/OAuthClientID.png?fit=max&auto=format&n=zGlN2SSJo3bfoUUU&q=85&s=570c503e7aa6e6c392462fa698fd0f64" alt="Oauth Client Id" width="1018" height="463" data-path="images/OAuthClientID.png" />

* Under the Application Type dropdown, select **“Web Application”**  

<img src="https://mintcdn.com/taqtile/GgXzx92gXNhV95Hp/images/ApplicationType.png?fit=max&auto=format&n=GgXzx92gXNhV95Hp&q=85&s=513baff3ea01398d434dd82d2d5bc421" alt="Application Type" width="952" height="690" data-path="images/ApplicationType.png" />

* Under Name enter the name of your application 

<img src="https://mintcdn.com/taqtile/zGlN2SSJo3bfoUUU/images/Name.png?fit=max&auto=format&n=zGlN2SSJo3bfoUUU&q=85&s=3ace550bf0a60085110985fd362172d1" alt="Name" width="847" height="382" data-path="images/Name.png" />

* Under Authorized redirect URIs, select **“+ Add URI”** 
* Enter your Manifest domain name and append `/rest/sign-in-by-oidc-callback` to it
  * Example:  [https://testdomain.taqmanifest.com/rest/sign-in-by-oidc-callback](https://testdomain.taqmanifest.com/rest/sign-in-by-oidc-callback) 
* Select the “Create” button 

<img src="https://mintcdn.com/taqtile/z7ZwfGwVtZUiFpOT/images/AuthorizeRedirectURI.png?fit=max&auto=format&n=z7ZwfGwVtZUiFpOT&q=85&s=f81f346666fc4054544362016e4ef78e" alt="Authorize Redirect Uri" width="849" height="511" data-path="images/AuthorizeRedirectURI.png" />

* An “OAuth client created” pop-up modal will appear, showing the Client ID and the Client Secret. You will only need the Client ID.

<img src="https://mintcdn.com/taqtile/KTSPEH9PvxOkc-88/images/YourClientID.png?fit=max&auto=format&n=KTSPEH9PvxOkc-88&q=85&s=3c2814c86975ff7ee17b26a4e57ce9a9" alt="Your Client Id" width="750" height="676" data-path="images/YourClientID.png" />

## Adding Google OIDC to Manifest domain 

* Log into your Manifest Web Application 
* Select the Client Settings ‘Gear’ icon in the top right-hand corner
* Select **“Authentication Configuration”** 
* Select the **“+OIDC”** button
  * Please note: Only one (1) OIDC configuration is allowed. If this button is grayed out, then the configuration is already set up. If it’s blue, then OIDC can be configured.

<img src="https://mintcdn.com/taqtile/zGlN2SSJo3bfoUUU/images/OIDCClientSettings-1024x541.png?fit=max&auto=format&n=zGlN2SSJo3bfoUUU&q=85&s=3dfdaaa8b63b284c31dc96ae93db7e39" alt="Oidcclient Settings" width="1024" height="541" data-path="images/OIDCClientSettings-1024x541.png" />

* Make sure that Flow = Implicit 
* Enter the Client ID from the Google Cloud console 
* Under Issuer enter: [https://accounts.google.com](https://accounts.google.com/)  
* Select **“Update”** 
* Log out  
* Note: the sign-in page offers an option to sign in with OpenID Connect

<img src="https://mintcdn.com/taqtile/eEEZKVoKLUj-j4Pc/images/SignInOpenID-1024x306.png?fit=max&auto=format&n=eEEZKVoKLUj-j4Pc&q=85&s=b6502db1a82afb0fb0c14ddc577877cb" alt="Sign In Open Id" width="1024" height="306" data-path="images/SignInOpenID-1024x306.png" />

* Select **“Sign In with OpenID Connect”**
  * Note: users may be prompted to select the account with which to sign in. Select that account and select **“continue”**
* Login successful!
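
A pre-flight check for the values entered in the two procedures above, as an added example that is not part of the original page or of Manifest itself. The function names and the sample client ID are hypothetical; the `.apps.googleusercontent.com` suffix is Google's client ID format, and comparing the issuer as an exact string is an assumption about how strictly it is matched.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/rest/sign-in-by-oidc-callback"  # path from the redirect URI step
GOOGLE_ISSUER = "https://accounts.google.com"     # value from the Issuer step
CLIENT_ID_SUFFIX = ".apps.googleusercontent.com"  # Google's OAuth client ID format

def redirect_uri_for(manifest_domain: str) -> str:
    """Build the redirect URI to register in Google Cloud for a Manifest domain."""
    host = manifest_domain.strip().lower()
    if "://" in host:                  # a full URL was pasted; keep only the host
        host = urlsplit(host).netloc
    host = host.split("/")[0]          # drop any trailing slash or path
    if not host:
        raise ValueError("empty Manifest domain")
    return f"https://{host}{CALLBACK_PATH}"

def lint_oidc_settings(redirect_uri: str, client_id: str, issuer: str, flow: str) -> list:
    """Return a list of problems; an empty list means the values match the guide."""
    problems = []
    u = urlsplit(redirect_uri)
    if u.scheme != "https":
        problems.append("redirect URI must use https")
    if not u.hostname or "*" in u.netloc or "@" in u.netloc:
        problems.append("redirect URI needs one concrete host (no wildcard, no userinfo)")
    if u.path != CALLBACK_PATH:        # Google matches redirect URIs exactly
        problems.append(f"redirect URI path must be exactly {CALLBACK_PATH}")
    if u.query or u.fragment:
        problems.append("redirect URI must not carry a query string or fragment")
    if not client_id.endswith(CLIENT_ID_SUFFIX):
        problems.append("value is not a Client ID; check the Client Secret was not pasted")
    if issuer != GOOGLE_ISSUER:        # assumption: exact string match, no trailing slash
        problems.append(f"issuer must be exactly {GOOGLE_ISSUER}")
    if flow.strip().lower() != "implicit":
        problems.append("Flow must be Implicit")
    return problems

if __name__ == "__main__":
    uri = redirect_uri_for("testdomain.taqmanifest.com")
    # Constructed sample client ID, not a real credential.
    sample_id = "1234567890-example.apps.googleusercontent.com"
    print(uri)
    print(lint_oidc_settings(uri, sample_id, GOOGLE_ISSUER, "Implicit") or "settings look consistent")
```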
