# Google Workspace

## Instruqt SSO Integration with Google Workspace

Set up Single Sign-On (SSO) for `play.instruqt.com` using Google Workspace. Instruqt's native Google Workspace integration utilizes OpenID Connect (OIDC) to securely authenticate users.

### Prerequisites

* An active Google Workspace account with administrative privileges to manage API and application settings.
* An active Instruqt account with SSO configuration enabled.

### Step-by-Step Configuration

Follow these steps within your Google Cloud Console to create the necessary OAuth 2.0 credentials and retrieve the required parameters.

#### Step 1: Create a New Google Cloud Project

1. Log in to the [Google Cloud Console](https://console.cloud.google.com).
2. From the project selector at the top, click **NEW PROJECT**.
3. Give the project a descriptive name, such as `Instruqt SSO Integration`.
4. Click **CREATE**.

#### Step 2: Configure the OAuth Consent Screen

1. In the navigation menu, go to **APIs & Services > OAuth consent screen**.
2. Select the **User Type** (Internal or External) that applies to your organization.
3. Provide the required application details, including the application name (`Instruqt SSO`), user support email, and developer contact information.
4. Click **SAVE AND CONTINUE**.

#### Step 3: Create OAuth 2.0 Credentials

1. In the navigation menu, go to **APIs & Services > Credentials**.
2. Click **CREATE CREDENTIALS** and select **OAuth client ID**.
3. For the **Application type**, select **Web application**.
4. Give the client a descriptive name, such as `Instruqt SSO Client`.
5. Under the **Authorized redirect URIs** section, click **ADD URI** and enter the following URL: `https://sso.play.instruqt.com/login/callback`
6. Click **CREATE**.

#### Step 4: Retrieve Client ID and Client Secret

1. After creating the credentials, a pop-up will display your **Client ID** and **Client secret**.
2. Copy these two values and store them securely.
3. You will also need to provide your **Google Workspace Domain** (e.g., `your-company.com`). This is the domain you use for your Google Workspace accounts.

#### Step 5: Finalize Configuration in Instruqt

1. Go to `https://play.instruqt.com/manage/{team-name}/sso`
2. Select the **Google Workspace** option.
3. Use the three parameters you retrieved in Step 4 (**Domain**, **Client ID**, and **Client Secret**) to configure the integration.
4. Click **Save**. Users in your organization will be able to sign in to play.instruqt.com using their Okta credentials.