This article is to guide you through gathering the information to enable SSO for the Google IdP.
There are a couple of additional considerations when using Google as your IdP:
1. We do not support Access Token for the Google IdP, so ID Token must be used, this is due to a difference in the way Google access tokens work, they are not for the same purpose as other IDPs access tokens.
2. We do not currently support role mapping for the Google IdP, so users will need to be created in the database manually to apply permissions to them. For further information on the correct way to implement this, please see the following knowledge base article Using Neo4j to grant permissions to SSO Users
3. There is currently an issue using the Google IdP with workspace that we are working on fixing.
Below you will find assistance for finding the information we need to configure SSO, as well as how to set up redirect URIs.
1. In your GCP Console browse to the Hamburger Menu -> APIs & Services -> Credentials as in the screenshot below
2. You should see your OAuth 2.0 Client IDs as below, we will need the client ID that you intend to use for the Neo4j application:
User Principal + Username
1. The user principal is a unique identifier for your users, for google this is typically set to email, but if you want this to be something different please let us know.
2. Optionally we can also specify a username claim, this is the username that users will see when they log in, if none is specified we will set this to be the same as the User Principal. If you prefer a different field, please let us know.
1. Similar to the Client ID, browse to the Hamburger Menu - > APIs and Services -> Credentials, this time you will need to click on the name text of the client you are using for neo4j:
2. You will find your secret under the additional information section:
Configuring Redirect URIs
1. As in the secret key section, browse to the client you intend to use for Neo4j, click on ADD URI as highlighted below:
2. Enter the redirect URI in the empty box that appears, and click save, you can add as many URIs as you need before clicking save: