Add Google Cloud as an OIDC identity provider for Zero Trust Network Access

In this topic, you will find instructions on how to add Google Cloud as an OIDC identity provider for Portnox™ Zero Trust Network Access.

Prerequisites:

  • You must first integrate your Portnox Cloud instance with your Google Workspace repository as an authentication provider. For more information, see the following topic: Integrate with Google Workspace.

Create a new identity provider configuration in Portnox Cloud

In this section, you will create a new OIDC identity provider configuration in Portnox Cloud

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Settings option.

  3. In the Cloud portal left-hand side menu, click on the Integration Services > IDENTITY PROVIDER SERVICE > Identity Provider menu option.

  4. Click on the Add a new identity provider link and from the drop-down menu, select the Add an OIDC identity provider option.

  5. In the Identity provider details section, enter an Identity provider name and optionally a Description.

    In this example, we used the name Google OIDC for the new identity provider but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Create a new Google Cloud client

In this section, you will access the Google Cloud administrative interface and use it to create a new client registration that will handle integration with Portnox Cloud.

  1. Open your Google Auth Platform console in Google Cloud by going to the following URL: https://console.cloud.google.com/auth/.

    From now on, we will call this tab the Google tab.

  2. In the left-hand side menu, click on the Clients option, and then in the right-hand side pane, click on the Create client button.

  3. In the Create OAuth client ID pane, in the Application type field, select the Web application option, and in the Name field, enter a name for this client.

    In this example, we used the name Portnox ZTNA, but you can use any name you like.

  4. In the Portnox tab, click on the  ⧉  icon next to the Redirect URI field to copy the value to your clipboard.

  5. In the Google tab, in the Authorized redirect URIs section, click on the Add URI button, and then paste the value that you just copied to your clipboard into the URIs 1 field.

  6. Click on the Create button.

Copy configuration values from the Google tab to the Portnox tab

In this section, you will copy the values displayed by the Google Cloud client setup section and paste them in the relevant fields in Portnox Cloud.

  1. In the Google tab, in the OAuth client created window, click on the  ⧉  icon next to the Client ID field to copy the value.

  2. In the Portnox tab, in the Identity provider properties section, click on the empty field under the Client ID heading and paste the value copied from the Google tab.

  3. In the Google tab, in the OAuth client created window, click on the  ⧉  icon next to the Client secret field to copy the value.

    Warning: You will not be able to copy this value later. We recommend that you store this value in a secure place for the future, for example, in a password manager application.
  4. In the Portnox tab, in the empty field under the Client secret heading, paste the value that you copied from the Google tab.

  5. In the Portnox tab, in the Identity provider properties section, click on the empty field under the Issuer URL heading and enter the following value: https://accounts.google.com.

  6. In the Portnox tab, click on the Save and Close button.