# Configuring SSO: Google

> By configuring and enabling Google as an external identity provider in Orchestrator, you add an option for Google authentication to the **Login** page.

By configuring and enabling Google as an external identity provider in Orchestrator, you add an option for Google authentication to the **Login** page.

## Step 1. Create a Google OAuth Client ID

Prior to enabling Google SSO, you must create authorization credentials for Orchestrator from the Google Console.

1. [Integrate Google Sign-In](https://developers.google.com/identity/sign-in/web/sign-in) and create an OAuth client ID as follows:

   For the **Authorized redirect URI**, add the https://{yourDomain}/identity URL, plus the suffix `/google-signin`. For example, `https://{yourDomain}/identity/google-signin`.
2. Save the **Client ID** and **Client Secret**. You'll use them later when you enable Google SSO from the Management portal.

## Step 2. Configure Google SSO

Now you must configure Google as an external identity provider in Orchestrator.

1. Log in to the host Management portal as a system administrator.
2. Select **Security**. The **Security Settings** window opens.
3. Select **Configure** under **Google SSO**.
   * If you want to only allow logging in to Orchestrator via Google SSO, select the **Force automatic login using this provider** checkbox.
   * In the **Display Name** field, type the label you want to appear under the Google authentication button on the **Login** page.
   * In the **Client ID** field, paste the value obtained from the Google Console.
   * In the **Client Secret** field, paste the value obtained from the Google Console.
4. Select **Save** to save the changes to the external identity provider settings.

   The page closes and you return to the **Security Settings** page.

5. Select the toggle to the left of **SAML SSO** to enable the integration.
6. Restart the IIS site. This is required after making any changes to external providers.

## Step 3. Allow Google SSO for the Organization

Now that Orchestrator is integrated with Google Sign-In, user accounts that have a valid Google email address can use the **Google SSO** option on the **Login** page to sign in to Orchestrator.

!['Google SSO option' image](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-google-sso-option-image-226149-ff222ac3.webp)

Each organization administrator must do this for their organization/tenant if they want to allow login with Google SSO.

1. Log in to Orchestrator as an administrator.
2. Add local user accounts, each with a valid Google email address.