Create an OAuth client
- Configure the OAuth consent screen for the organization.
- Create an OAuth client ID with application type Web application.
- Add the exact authorized redirect URI displayed on the portal’s Single sign-on page.
- Copy the client ID and client secret into a secure temporary location.
Configure the portal
- Select Google Workspace as the provider.
- Enter the client ID and client secret.
- Add every approved Workspace hosted domain; do not use an email suffix as the only identity check.
- Choose JIT and role defaults, then save and test with an account in an approved domain.