Admin Guide

Example 3: Google OIDC as IdP

In this example, the SP can be any supported Fortinet application. For a complete list of supported Fortinet applications, see Compatible Fortinet applications.

1. To set up OIDC for Google, create a new project in your Google Cloud Platform console (pick a project name and click CREATE):

2. Make sure your project is selected in the top selector, then in the left-hand menu click APIs and Services > OAuth consent screen:

3. Select External to authorise any Google user to log in to your application and press CREATE:

4. Now you can fill in your application name, your support email, your developer contact information and press SAVE AND CONTINUE:

5. Do not add any scopes on the next page, and press SAVE AND CONTINUE:

6. Add some test users on the next page if you'd like, and press SAVE AND CONTINUE:

7. Click on the top menu CREATE CREDENTIALS > OAuth client ID:

8. Before continuing to the next page, create a new user source on FTC and set the Interface to OIDC:

Take note of the Callback URL in the following image:

Select Web application as Application type, and add the Callback URL in the Authorised redirect URIs list, then press CREATE:

Then copy your Client ID and Client Secret and fill out the rest of the fields like this:

In the example above, we are mapping the "username" attribute to "email" because we're identifying the users on Google via email, and the attribute we're using to identify the users is "username."

When you're done, click Save. This should work with the existing SPs that you've set up on FTC.
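
The mapping above makes the Google "email" claim the identity key for the FTC "username". The following Python example is added here and is not Fortinet's code: it shows the checks a relying party would apply to already signature-verified ID token claims before trusting that mapping. The function name, the sample claims, the placeholder client ID and the lower-casing of the address are assumptions.

```python
import time

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}
# Mapping as configured on the page: local "username" is filled from "email".
ATTRIBUTE_MAPPING = {"username": "email"}

# Constructed sample claims (placeholder client ID and subject, not real values).
SAMPLE_CLAIMS = {
    "iss": "https://accounts.google.com",
    "aud": "example-client-id.apps.googleusercontent.com",
    "sub": "100000000000000000001",
    "email": "Alice@example.com",
    "email_verified": True,
    "exp": 2000000000,
}


def map_claims(claims, client_id, mapping=ATTRIBUTE_MAPPING, now=None):
    """Map signature-verified ID token claims to local attributes or raise ValueError."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise ValueError("token was issued to a different client ID")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    # The address becomes the username, so an unverified one is rejected.
    if claims.get("email_verified") is not True:
        raise ValueError("email not verified")
    attrs = {}
    for local_name, claim_name in mapping.items():
        value = claims.get(claim_name)
        if not isinstance(value, str) or not value:
            raise ValueError(f"missing claim: {claim_name}")
        # Assumption: usernames are compared case-insensitively.
        attrs[local_name] = value.strip().lower()
    return attrs


if __name__ == "__main__":
    print(map_claims(SAMPLE_CLAIMS, SAMPLE_CLAIMS["aud"]))
```

Because the consent screen is set to External, any Google account can complete the login, so the mapped username is the only thing tying a token to a specific user.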
