> ## Documentation Index
> Fetch the complete documentation index at: https://hoopdev-feat-new-runbook-parameters.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Google

## Requirements

* An [account in GCP](https://console.cloud.google.com)
* `API_URL` is the public DNS name of the hoop gateway instance

Contact the administrator of the hoop gateway instance to retrieve the `API_URL` address.

## Identity Provider Configuration

<Steps titleSize="h3">
  <Step title="Create an Application">
    Login with your account at [https://console.cloud.google.com/apis/credentials](https://console.cloud.google.com/apis/credentials)

    * Go to `Credentials` > `Create Credentials` button > `OAuth Client ID`
    * In Application type, select `Web Application`
    * Give it a name (i.e. “Hoop”)
  </Step>

  <Step title="Configure the Redirect URIs">
    * Click Authorized redirect URIs and add the URL: `{API_URL}/api/callback`
    * Click Create button
    * Take note on the `ClientID` and `Client Secret`
  </Step>

  <Step title="Collect the Credentials">
    When you created the app, you got those. But they are also available in the JSON file that was downloaded by the creation time. The download is also available at:

    * Credentials > OAuth 2.0 Client IDs > Actions > Download
  </Step>

  <Step title="Collect Issuer Information">
    The Issuer URI is `https://accounts.google.com`
  </Step>
</Steps>

## Configuring Groups

Groups are synchronized by performing a request to the [Cloud Identity API](https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships/searchDirectGroups) as a best effort operation.

<Note>
  This feature is available in version 1.35.2 and later.
</Note>

<Steps>
  <Step title="Add the Scope">
    Configure the gateway with the env **IDP\_CUSTOM\_SCOPES**

    * `https://www.googleapis.com/auth/cloud-identity.groups.readonly`

    Users will need to provide consent for the following access permissions when first logging in to enable proper group synchronization.

    <Frame>
      <img src="https://mintcdn.com/hoopdev-feat-new-runbook-parameters/jEgq0bFD0hXYK9XM/images/configure/identity-providers/google-authentication-consent.png?fit=max&auto=format&n=jEgq0bFD0hXYK9XM&q=85&s=bf0679b8934a5a7663a21328a1fa0d24" width="2088" height="1164" data-path="images/configure/identity-providers/google-authentication-consent.png" />
    </Frame>

    <Note>
      Restart the gateway after applying these changes.
    </Note>
  </Step>

  <Step title="Enable the Cloud Identity API in your project">
    * Visit the [Cloud Identity API Page](https://console.cloud.google.com/apis/api/cloudidentity.googleapis.com/overview)
    * Clik in the button `ENABLE`
  </Step>
</Steps>

<Warning>
  When configuring group synchronization, admin access may be revoked upon your next sign-in.
  To maintain administrative privileges, set the `ADMIN_USERNAME` configuration parameter to a Google Workspace group that you want to map as admin on Hoop.
</Warning>