Set Up OIDC Authentication (Google)

Learn about setting up OIDC authentication for Google in CIE.
  1. Set up OIDC as an authentication type in the Cloud Identity Engine.
    1. Select Authentication > Authentication Types > Add New Authentication Type.
    2. Set Up the OIDC authentication type.
    3. Enter a unique and descriptive Authentication Type Name for your OIDC configuration.
    4. Copy the Callback URL/Redirect URL.
  2. Configure Google to use OIDC with the Cloud Identity Engine.
    1. Select your account, enter your password, and then click Next.
    2. Create a new project or select an existing project.
    3. Enable the Identity and Access Management (IAM) API (if it's not already enabled).
    4. Select APIs & Services > OAuth consent screen, then configure the OAuth consent screen.
    5. Create your OAuth 2.0 credentials, copy the Client ID and Client Secret, and store them in a secure location.
      Don’t allow the client secret to expire. If the client secret isn’t up to date, users can’t log in using OIDC.
  3. Obtain the information you need to complete your OIDC Google configuration and enter it in your Cloud Identity Engine configuration.
    1. Copy the following information from your configuration and save it in a secure location:
      • The Name you entered in step 2.
      • The Client ID and Client secret you copied in step 2 (if you did not do so in the previous step).
      • The Authorized redirect URIs you copied in step 1.
    2. Enter the application name you entered in step 2 as the Client Name.
    3. Enter the Client ID you copied in step 2.
    4. Enter the Client Secret you copied in step 2.
    5. Enter the Authorized redirect URIs that you copied in step 1 as the Issuer URL.
    6. (Optional) If you have your Endpoint URL, enter it here. If not, continue to the next step (the Cloud Identity Engine populates the Endpoint URL automatically after you successfully test the connection).
    7. Click Test Connection and log in to confirm that the Cloud Identity Engine can reach your Google IdP using OIDC.
      If you did not enter the OIDC Issuer URL in the previous step, the Cloud Identity Engine automatically populates the information.
    8. After confirming that the connection is successful, Submit the configuration.
      You can now use OIDC as an authentication type when you Set Up an Authentication Profile.
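
A preflight check for the values gathered in steps 1 to 3, as an added example that is not part of the Cloud Identity Engine documentation: it confirms that the Callback URL copied from the Cloud Identity Engine is registered exactly on the Google OAuth client and that the stored copy of the client secret is not accessible to other users. It assumes you downloaded the OAuth client JSON from the Google Cloud console; `check_oidc_client`, the sample values and the `cie.example.invalid` URL are constructed for illustration.

```python
import json
import os
import stat
from urllib.parse import urlsplit

# Constructed sample in the layout of the JSON file the Google Cloud console
# offers for a "Web application" OAuth client; every value is a placeholder.
SAMPLE_CLIENT_JSON = json.dumps({"web": {
    "client_id": "000000000000-example.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER-SECRET",
    "redirect_uris": ["https://cie.example.invalid/oidc/callback"],
}})


def check_oidc_client(client_json, callback_url, path=None):
    """Return a list of problems; an empty list means the values line up."""
    try:
        web = dict(json.loads(client_json)["web"])
    except (ValueError, KeyError, TypeError):
        return ["not a web-application OAuth client file"]
    problems = [f"missing {f}" for f in ("client_id", "client_secret") if not web.get(f)]
    client_id = str(web.get("client_id") or "")
    if client_id and not client_id.endswith(".apps.googleusercontent.com"):
        problems.append("client_id does not look like a Google OAuth client ID")
    # Google matches redirect URIs as exact strings, so a trailing slash or a
    # case difference is enough to make the login fail.
    uris = list(web.get("redirect_uris") or [])
    if callback_url not in uris:
        def norm(u):
            return u.rstrip("/").lower()
        near = [u for u in uris if norm(u) == norm(callback_url)]
        hint = f" (near match: {near[0]})" if near else ""
        problems.append("callback URL not registered" + hint)
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"redirect URI is not an absolute https URL: {uri}")
    # The file contains the client secret: on POSIX systems, flag a copy that
    # group or other users can access.
    if path is not None and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append(f"{path} is accessible to group or other users")
    return problems


if __name__ == "__main__":
    callback = "https://cie.example.invalid/oidc/callback"  # constructed value
    for line in check_oidc_client(SAMPLE_CLIENT_JSON, callback) or ["ok"]:
        print(line)
```

Pass the path of the downloaded file as `path` to include the permission check; it is skipped when only the JSON text is supplied.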