# Configuring SSO: Google

> You can enable SSO using Google as your identity provider.

You can enable SSO using Google as your identity provider.

1. Create a Google OAuth client ID:

   Prior to enabling Google SSO, you must create authorization credentials for `Private Test Cloud` from the Google Console.

   1. [Integrate Google Sign-In](https://developers.google.com/identity/sign-in/web/sign-in) and create an OAuth client ID as follows:

      For the **Authorized redirect URI**, add the https://{yourDomain}/{organizationName}/identity_ URL, plus the suffix `/google-signin`. For example, `https://{yourDomain}/{organizationName}/identity_/google-signin`.
   2. Save the **Client ID** and **Client Secret**. You'll use them later when you enable Google SSO from the `host Management portal`.
2. Configure Google SSO:

   Now you must configure Google as an external identity provider in`Private Test Cloud`.

   1. Log in as a system administrator.
   2. Make sure that **Host** is selected at the top of the left pane and then select **Security**.
   3. Under **Google**, select **Configure**.
      * Select the **Force automatic login using this provider** checkbox if you want to only allow login with Google.
      * In the **Display Name** field, type the text you want to show under this login option on the **Login** page.
      * In the **Client ID** field, paste the value obtained from the Google Console.
      * In the **Client Secret** field, paste the value obtained from the Google Console.
   4. Select **Save** in the bottom right to save your configuration and return to the previous page.
   5. Select the toggle to the left of **Google SSO** to enable the integration.
   6. Restart the **identity-service-api-*** pod. This is required after making any changes to External Providers.
      1. Connect to the primary server using SSH.
      2. Run the following command: `kubectl -n uipath rollout restart deployment identity-service-api`
3. Allow Google SSO for the organization:

   Now that `Private Test Cloud` is integrated with Google Sign-In, user accounts that have a valid Google email address can use the **Google SSO** option on the **Login** page to sign in.

   Figure 1. Google SSO sign in option

   

   Each organization administrator must do this for their organization if they want to allow login with Google SSO.

   1. Log in as an organization administrator.
   2. Add user accounts, each with a valid Google email address.