Skip to main content

Identity Provider Configuration: Google Workspace

Trio articles

Configure Identity Provider for SSO Authentication (Google Workspace)

Prerequisites

  • Required permissions: Admin role with access to the Identity Provider integration module

  • Supported platforms: Web-based (Chrome, Edge, Safari)

  • Time estimate: 10–15 minutes

  • Additional requirements:

    • A Google Workspace admin account

    • Registered OAuth 2.0 credentials (Client ID and Secret)

    • Verified domain within Google Workspace

Before You Start

Connecting an identity provider allows your organization to manage user authentication through a centralized Single Sign-On (SSO) mechanism. This not only reduces password fatigue but also improves security and compliance.
You will use Google’s OpenID Connect (OIDC) protocol to authenticate users and enable features such as Just-in-Time (JIT) provisioning and multi-domain support.
Before proceeding, ensure you’ve registered the MDM platform as an OIDC client in the Google Developer Console.

Step 1: Navigate to Identity Providers

  1. Go to the left sidebar and click on Integrations > Identity Providers.

  2. You’ll see available provider options for Google Workspace and Microsoft Entra ID.

Step 2: Connect Google Workspace

  1. Click Set up SSO under the Google Workspace card.

  2. A modal will appear showing integration capabilities such as Multi-domain Support, Secure Authentication, and Just-in-Time Provisioning.

  3. Click to Start.

Step 3: Enter Identity Provider Configuration

  1. You need to copy and paste the Redirect URI into the Google Cloud Console so you can generate the required information to complete setup.

  2. Copy the URL from the Trio panel in the Google Cloud Console.

  3. Go to https://console.cloud.google.com/ and open the Clients tab.

  4. Paste the copied URI into the Authorized redirect URIs field and save your changes.

After you're done, Fill in the following required fields:

  • Name: A unique identifier for the SSO connection (e.g., “Corp Google SSO”)

  • Google Workspace Domain: Your organization’s verified domain (e.g., yourcompany.com)

  • Client ID: From your Google Workspace OIDC app

  • Client Secret: From your Google Workspace OIDC app.

After completing the steps, get the Client ID and the data generated for you and paste it back in the Trio panel to complete authorization.

Next Steps

  • Monitor user login activity via the Activity tab

  • Set up SSO Applications to leverage the new identity provider

  • Configure fallback login methods to avoid lockouts

Troubleshooting

Issue

Cause

Solution

Users see “SSO failed”

Domain mismatch

Verify Google Workspace domain is correctly entered

Provider shows "Disconnected"

Token expired

Edit and re-authenticate with a fresh client secret

New users can't log in

JIT provisioning off

Enable Just-in-Time provisioning in your OIDC settings

Login fallback not working

Not configured

Ensure fallback login is enabled before disconnecting

Related Articles
Connect Google MDM Using Trio Managed Setup
Identity Provider Configuration: Microsoft Entra ID
Cloud Directory Configuration: Google Workspace
Implementing SAMA Compliance for Endpoints with Trio — Technical Overview
Understanding Trio IdP: The Architecture of Modern Identity Management
Did this answer your question?