XCreds Setup with Google OIDC

Created On
Last Updated On
byDave Lebbing
You are here:

Download the example Google mobileconfig file.

To use XCreds with Google as the OIDC provider:

  1. Make sure you use build 1276 or later of XCreds.
  2. Create a project or select an existing project in the Google Cloud console.
  3. Go to API & Services-> Credentials.
  4. Create a consent screen by clicking the Configure Consent Screen:

    XCreds setup Google consent screen

  5. Select User Type as Internal (or as appropriate for your organization):

    XCreds setup Google user type

  6. Fill out the App information with your organization appropriate info:

    XCreds setup Google app information

  7. Leave Scopes empty:

    XCreds setup Google scopes

  8. Go to the credential section and add an OAuth Client ID by clicking Create Credentials->OAuth Client ID

    XCreds setup Google credentials oauth client id

  9. Select the Web Application and the following details:

    Application Type: Web Application
    Name: XCreds
    Redirect URL: https://twocanoes.com/xcreds-redirect



  10. Copy client id and secret

    XCreds setup Google OAuth client

  11. Create a profile and make sure to change the scope to not include offline access (scopes should be profile openid). Then set the preference for Request Google Refresh Token (shouldSetGoogleAccessTypeToOffline) to be checked (true). Also, make sure to set the Redirect URI to the value you set above (in this example, `https://twocanoes.com/xcreds-redirect`).


  12. It may also be helpful to add the preference aliasName to the profile and set it to a value such as given_name. This is optional but may help if offline user sign-in is needed. By default the macOS user name created will otherwise be the value returned in the Google auth payload for sub, which may be a difficult value to enter for user name.