
Requirements

  • An account in GCP
  • API_URL is the public DNS name of the hoop gateway instance
Contact the administrator of the hoop gateway instance to retrieve the API_URL address.

Identity Provider Configuration

1. Create an Application

Log in with your account at https://console.cloud.google.com/apis/credentials
  • Go to Credentials > Create Credentials button > OAuth Client ID
  • In Application type, select Web Application
  • Give it a name (e.g. “Hoop”)

2. Configure the Redirect URIs

  • Click Authorized redirect URIs and add the URL: {API_URL}/api/callback
  • Click Create button
  • Take note of the Client ID and Client Secret

3. Collect the Credentials

The Client ID and Client Secret were shown when you created the app. They are also available in the JSON file that was downloaded at creation time. The download is also available at:
  • Credentials > OAuth 2.0 Client IDs > Actions > Download

4. Collect Issuer Information

The Issuer URI is https://accounts.google.com

Configure Hoop Gateway

Go to Integrations > Authentication and fill in:
  • Auth Method: OIDC
  • Issuer URL: https://accounts.google.com
  • Client ID: the Client ID from above
  • Client Secret: the Client Secret from above
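
A sanity check for the downloaded client JSON before its values go into the gateway form, as an added example that is not part of the hoop documentation or tooling. It assumes the file uses Google's `web` / `client_id` / `client_secret` / `redirect_uris` keys; `hoop.example.com` and the credential values are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

ISSUER = "https://accounts.google.com"  # Issuer URI given in this guide

def check_client_json(raw, api_url):
    """Return (gateway_fields, findings) for a downloaded OAuth client JSON file."""
    doc = json.loads(raw)
    if "web" not in doc:
        # Other application types use a different top-level key (e.g. "installed").
        return None, [f"client type is {sorted(doc)}, expected 'web'"]
    web, findings = doc["web"], []
    expected = api_url.rstrip("/") + "/api/callback"
    uris = web.get("redirect_uris", [])
    if expected not in uris:
        findings.append(f"missing redirect URI {expected}")
    for uri in uris:
        if urlsplit(uri).scheme != "https":
            findings.append(f"non-HTTPS redirect URI: {uri}")
        elif uri != expected:
            findings.append(f"unexpected redirect URI: {uri}")
    for key in ("client_id", "client_secret"):
        if not web.get(key):
            findings.append(f"{key} is empty or missing")
    fields = {
        "Auth Method": "OIDC",
        "Issuer URL": ISSUER,
        "Client ID": web.get("client_id", ""),
        "Client Secret": web.get("client_secret", ""),
    }
    return fields, findings

# Constructed sample input: placeholder values, not real credentials.
SAMPLE = json.dumps({"web": {
    "client_id": "000000000000-example.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER-SECRET",
    "redirect_uris": [
        "https://hoop.example.com/api/callback",
        "http://localhost:8009/api/callback",
    ],
}})

if __name__ == "__main__":
    fields, findings = check_client_json(SAMPLE, "https://hoop.example.com")
    for finding in findings:
        print("WARN:", finding)
    # Print the values to paste into the gateway, leaving the secret out of the output.
    print({k: v for k, v in fields.items() if k != "Client Secret"})
```

Any finding is a prompt to review the client in the Google Cloud console; an empty list means the only registered redirect URI is the gateway callback over HTTPS.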

Configuring Groups

Groups are synchronized by performing a request to the Cloud Identity API as a best-effort operation.
This feature is available in version 1.35.2 and later.
1. Add the Groups Scope to Hoop Gateway

Add the Cloud Identity scope to the gateway configuration. In Integrations > Authentication, add the following to the Scopes field:
  • https://www.googleapis.com/auth/cloud-identity.groups.readonly
Or via API, include it in the scopes array of the oidc_config.
Users will need to provide consent for these access permissions when first logging in to enable proper group synchronization.

2. Enable the Cloud Identity API in your project

When configuring group synchronization, admin access may be revoked upon your next sign-in. To maintain administrative privileges, update the Admin Role Name in Integrations > Authentication to match a Google Workspace group you belong to before signing in again.