# Google Authentication

> :::note
The following steps are valid for Google SSO setup. Note that the following procedure is a broad description of a **sample configuration**. For a fully detailed how-to, visit the official [Google documentation](https://support.google.com/a/answer/60224).
:::

## Configure Google to Recognize a New Orchestrator Instance

:::note
The following steps are valid for Google SSO setup. Note that the following procedure is a broad description of a **sample configuration**. For a fully detailed how-to, visit the official [Google documentation](https://support.google.com/a/answer/60224).
:::

If you do not have the necessary permissions, address to your system administrator in this regard. Make sure that the following service details are set into place:

1. The service must be set as **ON for everyone**.

   Figure 1. Service is ON for everyone setting

   !['Service is ON for everyone setting' image](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-service-is-on-for-everyone-setting-image-227415-301b5b00.webp)
2. The following mappings must be provided for Orchestrator attributes on the **Attribute Mapping** window:
   * `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
   * `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn`

     Figure 2. Attribute mapping

     !['Attribute mapping' image](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-attribute-mapping-image-232169-5631d695.webp)

3. The following details must be provided on the **Service Provider** window:
   * `https://orchestratorURL/identity/Saml2/Acs` as the **ACS URL**
   * `https://orchestratorURL/identity` as the **Entity ID**

## Set Orchestrator/Identity Server to Use Google Authentication

1. Define a user in Orchestrator and have a valid email address set on the **Users** page.
2. [Import the signing certificate](https://docs.uipath.com/orchestrator/standalone/2025.10/user-guide/setting-orchestrator-to-use-a-private-key-certificate#private-key-certificates) provided by the Identity Provider to the Windows certificate store using Microsoft Management Console.
3. Log in to the [Management portal](https://docs.uipath.com/orchestrator/standalone/2025.10/user-guide/about-the-host-level#host-management-portal) as a system administrator.
4. Go to **Security**.
5. Select **Configure** under **Google SSO**:

   The **Google SSO configuration** page opens.

6. Set it up as follows:
   * Optionally select the **Force automatic login using this provider** checkbox if, after the integration is enabled, you want your users to only sign in using Google authentication.
   * In the **Display Name** field, type the name that you want to show for the SAML login option on the **Login** page.
   * In the **Client ID** field, add the value obtained while configuring Google.
   * In the **Client Secret** field, add the value obtained while configuring Google.
7. Select **Save** to save the changes to the external identity provider settings.

   The page closes and you return to the **Security Settings** page.

8. Select the toggle to the left of **Google SSO** to enable the integration.
9. Restart the IIS server.