# Google Workspace SSO

## Introduction

Google Workspace provides secure identity management and single sign-on to applications that you can add to your Google Workspace. From Google Workspace, you can automatically provision users who should have access to Paradime i.e. any user who has access to your Google Workspace, will be able to register / login to Paradime.

## Setting up in Google

### 1. Register an OAuth 2.0 app

In your Google API Console set up an OAuth app by following the instructions here: <https://support.google.com/googleapi/answer/6158849>.

During the setup, make sure you choose the following options:

#### 1.1 **User Type**:

Set to **Internal**

#### 1.2 **Authorized Domains**:

In the Authorized domain fields make sure you have at least the following:

* your email domain e.g. if your email is `xyz@abc.com` then `abc.com`
* `auth0.com`

#### 1.3 **Add or remove scopes**:

Choose the following user scopes:

* `../auth/userinfro.email`
* `../auth/userinfo.profile`
* `openid`

You should not choose any **sensitive / restricted scopes**. If you already have an OAuth 2.0 App setup, then you only need to make sure the `Authorized Domains` field is correct by following **1.2** above.

### 2. Create client-id and secret

#### 2.1 Create Credentials

Navigate to the `Credentials` tab within your Google API Console and click on **Create Credentials**. Choose `OAuth client ID` option.

<figure><img src="/files/W37CQyVQm8IxSc9RA5jX" alt=""><figcaption><p><em>Create credentials</em></p></figcaption></figure>

#### 2.2 Enter details

* Choose **Application type**=`Web application`.
* Authorized Javascript origins: enter `https://auth.paradime.io`
* Authorized redirect URIs: enter `https://auth.paradime.io/login/callback`
* Click `Create`

<figure><img src="/files/fYzs1eWJqjXS0z0sJlJ7" alt=""><figcaption><p><em>Enter details</em></p></figcaption></figure>

#### 2.3 Get the client-id and secret

Note down the **client-id** and **client-secret** when the OAuth client created.

<figure><img src="/files/W37CQyVQm8IxSc9RA5jX" alt=""><figcaption><p><em>Get credentials</em></p></figcaption></figure>

## Configuring Paradime for workspace

Contact the Paradime Support team at <support@paradime.io> and share the following information:

* your `google-workspace-domain.com`
* **Client ID**
* **Client Secret**

Paradime Support will process your request. After receiving a confirmation email, you can start logging into Paradime and only users in your Google Workspace will be login to your account in Paradime.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.paradime.io/app-help/documentation/security/single-sign-on/google-workspace-sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.