Here is the full Google documentation about this process.
Google OpenID Connect can be configured in the Google Cloud Console.
If you don't have a project set up already (or you want to create a new one for this purpose), create it by clicking the dropdown menu here:
If you already have a project, make sure to select it in the above dropdown menu.
Now, navigate to APIs & Services.
We will focus on the consent screen first. Select OAuth consent screen.
Pick the User Type according to your needs. This example will focus on the internal type.
Fill in all required details. Make sure to fill in the correct domain. This should be the top domain under which your Defguard dashboard can be accessed, not the subdomain (e.g. defguard.example.com -> example.com).
On the scopes config screen, click ADD OR REMOVE SCOPES. Defguard requires at least the following scopes:
Proceed until the end and return to the OAuth consent screen dashboard.
Now, go to Credentials, click CREATE CREDENTIALS and choose OAuth client ID.
On the next screen, fill out all required information:
Make sure to select "Web application" as the application type. The other thing to note here is the redirect URI. It is the URI to which the user will be redirected from the external provider's authorization. This URI is in the form of <DEFGUARD_DASHBOARD_URL>/auth/callback. Replace <DEFGUARD_DASHBOARD_URL> with the URL under which your dashboard is accessible, e.g. https://defguard.example.com. If you'd like to use OpenID enrollment through proxy, make sure to enter an additional URI here in the form of <DEFGUARD_ENROLLMENT_URL>/openid/callback.
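A small pre-flight check for the redirect URIs described above, added here as an example and not part of Defguard or Google tooling. It assumes the provider compares redirect URIs as exact strings and that you only want HTTPS base URLs; the function names and the enrollment hostname enroll.example.com are constructed for illustration.

```python
from urllib.parse import urlsplit

# Callback paths as given in this guide.
DASHBOARD_CALLBACK = "/auth/callback"
ENROLLMENT_CALLBACK = "/openid/callback"


def check_base_url(base_url):
    """List the problems that make a base URL unsuitable for a redirect URI."""
    problems = []
    parts = urlsplit(base_url)
    if parts.scheme != "https":          # policy choice of this example
        problems.append("scheme is not https")
    if not parts.hostname:
        problems.append("no hostname")
    if parts.username or parts.password:
        problems.append("userinfo in URL")
    if parts.query or parts.fragment:
        problems.append("query or fragment in base URL")
    if "*" in base_url:
        problems.append("wildcard in URL")
    return problems


def redirect_uris(dashboard_url, enrollment_url=None):
    """Build the URIs to enter in the OAuth client, rejecting bad base URLs."""
    uris = []
    pairs = ((dashboard_url, DASHBOARD_CALLBACK),
             (enrollment_url, ENROLLMENT_CALLBACK))
    for base, path in pairs:
        if base is None:
            continue
        problems = check_base_url(base)
        if problems:
            raise ValueError(f"{base}: {', '.join(problems)}")
        # Strip a trailing slash so the result has no "//" before the path.
        uris.append(base.rstrip("/") + path)
    return uris


def missing_from_client(expected, registered):
    """Exact comparison: a trailing slash or http:// variant does not match."""
    return [uri for uri in expected if uri not in registered]


if __name__ == "__main__":
    expected = redirect_uris("https://defguard.example.com/",
                             "https://enroll.example.com")
    # Constructed sample of what was typed into the console, with one typo.
    registered = ["https://defguard.example.com/auth/callback/",
                  "https://enroll.example.com/openid/callback"]
    print("expected:", expected)
    print("missing :", missing_from_client(expected, registered))
```

Run it with your own URLs and compare the output against the Authorized redirect URIs list of the OAuth client before testing a login.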
After you proceed further, you will be presented with a popup containing your Client ID and Client Secret. Copy them and paste them on the Defguard OpenID configuration page.