HOW TO

Configure OpenID Connect through Google accounts

Last Published: August 24, 2024

Summary

OpenID Connect is an authentication layer built on top of OAuth 2.0 and is similar in purpose to Security Assertion Markup Language (SAML) authentication. It allows third-party applications to verify the identity of an end user and to obtain basic user profile information. This article provides the instructions to configure OpenID Connect through Google accounts.

Procedure

In the Google API Console

  1. Open the Google API Console, and log in with a Google account.
  2. Click Dashboard > CREATE PROJECT.
  3. On the New Project page, fill in the Project name box, and click CREATE.
  4. Click OAuth consent screen, and select the External option for User Type. Click CREATE.
  5. On the Edit app registration page in the OAuth consent screen section, fill in the App name, User support email, and Email addresses boxes. Click SAVE AND CONTINUE.
  6. In the Scopes section, click ADD OR REMOVE SCOPES.
  7. In the Update selected scopes window, check the /auth/userinfo.email, /auth/userinfo.profile, and openid check boxes. Click UPDATE.
  8. Click SAVE AND CONTINUE.
  9. In the Test users section, click ADD USERS. In the Add users window, fill in the email address of the test users, and click ADD.
  10. Click SAVE AND CONTINUE.
  11. Click Credentials > CREATE CREDENTIALS > OAuth client ID.
  12. On the Create OAuth client ID page, click the Application type box, and select Web application.
  13. Fill in the name in the Name box, and click CREATE. A Client ID and Client Secret are created. Proceed with the next workflow in ArcGIS Online.

In ArcGIS Online

  1. Log in to the ArcGIS Online organizational account.
  2. Click the Organization tab > Settings. Navigate to Security.
  3. On the Security page, navigate to the Logins section. Click New Open ID Connect login.
  4. In the Set up OpenID Connect login window, fill in the Login button label, Registered client ID, Registered client secret, Provider scopes/permissions, Provider issuer ID, OAuth 2.0 authorization endpoint URL, Token endpoint URL, and JSON web key set (JWKS) URL boxes.
     Note:
     The Registered client ID and Registered client secret sections are obtained from Step 13 in the previous workflow. The Provider issuer ID, OAuth 2.0 authorization endpoint URL, Token endpoint URL, and JSON web key set (JWKS) URL sections are obtained from the openid configuration web page.
  5. Click Save.
  6. Click the Edit icon. In the Edit OpenID Connect login window, navigate to the Login Redirect URI section. Click the Copy button.
  7. Click Save.
  8. Open Google API Console once more, and navigate to APIs & Services. Click the Credentials tab.
  9. In the OAuth 2.0 Client IDs section, click the Edit OAuth client icon on the newly created project.
  10. Navigate to the Authorized redirect URIs section, and click ADD URI. Paste the URI from Step 6, and click SAVE.
  11. On the Security page in ArcGIS Online, navigate to the Logins section. Toggle the created OpenID Connect login option on.
  12. Log out from ArcGIS Online, and log in again through the ArcGIS Online login page.
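
The provider values entered in Step 4 of the ArcGIS Online workflow can be derived and sanity-checked from the provider's OpenID configuration (discovery) document before they are pasted in. The following is an added example, not Esri's or Google's code; the function and variable names are hypothetical, the embedded document is a constructed sample modelled on Google's published one, and the scope string "openid profile email" is an assumed value for the Provider scopes/permissions box.

```python
import json
from urllib.parse import urlsplit

# Constructed sample modelled on Google's discovery document; fetch the
# live one from https://accounts.google.com/.well-known/openid-configuration
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
    "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
    "scopes_supported": ["openid", "email", "profile"],
})

# Labels of the ArcGIS Online boxes -> keys in the discovery document.
FIELD_MAP = {
    "Provider issuer ID": "issuer",
    "OAuth 2.0 authorization endpoint URL": "authorization_endpoint",
    "Token endpoint URL": "token_endpoint",
    "JSON web key set (JWKS) URL": "jwks_uri",
}

def login_fields(discovery_json, expected_issuer, scopes="openid profile email"):
    """Return the values for the ArcGIS boxes, or raise ValueError."""
    doc = json.loads(discovery_json)
    problems = []
    # OIDC Discovery: the issuer in the document must equal the one it was fetched for.
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    fields = {}
    for label, key in FIELD_MAP.items():
        value = str(doc.get(key) or "")
        url = urlsplit(value)
        if url.scheme != "https" or not url.hostname or url.fragment:
            problems.append(f"{key} is not a clean https URL")
        fields[label] = value
    requested = scopes.split()
    if "openid" not in requested:
        problems.append("scope 'openid' is required for OpenID Connect")
    unsupported = sorted(set(requested) - set(doc.get("scopes_supported", [])))
    if unsupported:
        problems.append(f"scopes not advertised by provider: {unsupported}")
    if problems:
        raise ValueError("; ".join(problems))
    fields["Provider scopes/permissions"] = " ".join(requested)
    return fields

if __name__ == "__main__":
    for label, value in login_fields(SAMPLE_DISCOVERY, "https://accounts.google.com").items():
        print(f"{label}: {value}")
```

Run against the live document, a ValueError here means the values should not be entered in ArcGIS Online until the mismatch is explained.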

Article ID: 000024986

Software:
  • ArcGIS Online
  • Third Party Product
