This article explains how to configure Google OIDC Single Sign-On (SSO) for your Simpplr intranet using Google Cloud.

SSO allows users to log in to Simpplr using their Google credentials without entering a separate username and password.

Prerequisites

Before you begin, ensure you have the required permissions:

• Google Cloud Admin access

• Simpplr Application Manager role

To avoid being locked out during configuration:

1. Go to Manage → Application → Security → External IDP

2. Set Login Type to:
   Use SSO and non-SSO login

This ensures you can still log in using standard credentials until the SSO setup is fully tested.

Create an OAuth App in Google Cloud

1. Go to the Google Cloud Console:
   https://console.cloud.google.com/

2. Navigate to:
   API & Services → Credentials

3. Click Create Credentials and select OAuth client ID.

4. In Application Type, select Web Application.

5. Enter a name for the application.
   Example: Simpplr Intranet

6. Click Create.

7. From the confirmation dialog, copy the following values:

   • Client ID

   • Client Secret

You will use these values when configuring SSO in Simpplr.

Configure Google OIDC in Simpplr

1. Open a new browser tab and log in to your Simpplr tenant as an Application Manager.

2. Navigate to:
   Manage → Application → Security → External IDP (SSO)

3. Click Add → Google.

4. Select OIDC from Radio button.

5. Input each value with the applicable details:

   • Name: This is the display name for the SSO integration, visible on the page. Choose a clear and descriptive name that distinguishes it from other SSO listing 

   • Sign in text: This text displays on the login page. You can provide any custom text

   • The Discovery document URL, Issuer, Authorize endpoint URL, Token endpoint URL, User info endpoint URL, Client authentication are automatically populated for Google, no changes are required here.

   • Consumer key: Add the Client ID retrieved from Google App in Consumer key.

   • Consumer secret: Add the client secret retrieved from Google App in Consumer secret.

   • Scope: This is auto populated in case of Google.

   • Enable SLO: Described in SLO section.

   • Select a login identifier: Google only supports email as of now.

   • Enable JIT provisioning: Enable only if you want new users to be provisioned via Google at the time of login. This is an optional step.

   • Enable JIT Syncing: Enable only if you want users to be Synced via Google at the time of login. This is an optional step.

Configure Redirect URI in Google

After completing the Simpplr configuration, you must update the Google application settings.

1. Return to your Google Cloud Console.

2. Open the OAuth client you created.

3. Locate Authorized redirect URIs.

4. Copy the Redirect URI from the Simpplr Integration Details page.

5. Paste the value into Authorized redirect URIs.

6. Click Save.

Test the SSO Configuration

1. Open a new incognito/private browser window.

2. Navigate to your Simpplr tenant homepage.

3. Click the SSO login button.

4. Authenticate using your Google account.

If configuration is correct, you will be redirected to Simpplr and logged in successfully.

JIT Provisioning

Just-in-Time (JIT) provisioning automatically creates new users in Simpplr when they log in through Google.

Enable JIT Provisioning

1. Log in to Simpplr as an Application Manager.

2. Go to
   Manage → Application → Security → External IDP (SSO).

3. Select the configured Google SSO integration.

4. Click the three-dot menu → Edit.

5. Enable Provision new users via SSO.

6. Save the configuration.

JIT Syncing

JIT syncing updates existing Simpplr user information during login if changes are detected in Google.

Enable JIT Syncing

1. Log in to Simpplr as an Application Manager.

2. Navigate to
   Manage → Application → Security → External IDP (SSO).

3. Select the configured Google SSO integration.

4. Click the three-dot menu → Edit.

5. Enable Sync existing users via SSO.

6. Save the configuration.