XCreds Setup with Google OIDC

You are here:

Download the example Google mobileconfig file.

To use XCreds with Google as the OIDC provider:

  1. Make sure you use build 1276 or later of XCreds.
  2. Create a project or select an existing project in the Google Cloud console.
  3. Go to API & Services-> Credentials.
  4. Create a consent screen by clicking the Configure Consent Screen:

    XCreds setup Google consent screen

  5. Select User Type as Internal (or as appropriate for your organization):

    XCreds setup Google user type

  6. Fill out the App information with your organization appropriate info:

    XCreds setup Google app information

  7. Leave Scopes empty:

    XCreds setup Google scopes

  8. Go to the credential section and add an OAuth Client ID by clicking Create Credentials->OAuth Client ID

    XCreds setup Google credentials oauth client id

  9. Select the Web Application and the following details:

    Application Type: Web Application
    Name: XCreds
    Redirect URL: https://twocanoes.com/xcreds

    XCreds setup Google web application details

  10. Copy client id and secret

    XCreds setup Google OAuth client

  11. Create a profile and make sure to change the scope to not include offline access (scopes should be profile openid) and to include the special key shouldSetGoogleAccessTypeToOffline. Also, make sure to set the Redirect URI to the value you set above (in this example, https://twocanoes.com/xcreds.

    XCreds setup Google create profile
  12. It may also be helpful to add the preference aliasName to the profile and set it to a value such as given_name. This is optional but may help if offline user sign-in is needed. By default the macOS user name created will otherwise be the value returned in the Google auth payload for sub, which may be a difficult value to enter for user name.