Google Workspace SSO Setup

Documentation Index

Fetch the complete documentation index at: https://docs.brightdata.com/llms.txt

Use this file to discover all available pages before exploring further.

• A Google Cloud project linked to your Google Workspace organization, with permission to configure the OAuth consent screen and create OAuth client IDs (typically a project owner or editor)
• A Bright Data account with admin permission
• All Bright Data users who will sign in via SSO must already exist in the Bright Data Control Panel under Account Settings → Users. Bright Data Google Workspace SSO uses manual provisioning. There is no SCIM or JIT provisioning.

​

Configure the OAuth consent screen

1. Sign in to the Google Cloud Console with an account that has access to your Google Workspace organization’s project.
2. In the left navigation, go to APIs & Services → OAuth consent screen.
3. Set User type to Internal so only members of your Workspace can sign in.
4. Fill in the required fields (app name, user support email, developer contact information).
5. Save.

​

Create the OAuth client ID

6. In the Google Cloud Console, go to APIs & Services → Credentials.
7. Click Create Credentials → OAuth client ID.
8. Set Application type to Web application.
9. Name the client. We recommend Bright Data Control Panel.
10. Leave Authorized redirect URIs empty for now. You will paste in the Bright Data redirect URI in the next section.
11. Click Create. Google displays a dialog with your Client ID and Client Secret. Copy both values.

​

Configure Bright Data

12. In a new tab, open the Bright Data Control Panel and go to Account Settings → Passwords & authentication.
13. Under Configure Single Sign-On, click Google Workspace.
14. In the dialog, paste:
    • Client ID from step 11
    • Client Secret from step 11
    • Workspace Domain. The primary domain of your Google Workspace (for example, yourcompany.com).
15. Copy the read-only Sign-in redirect URI displayed in the dialog. It has the form https://brightdata.com/users/auth/google_workspace/<customer_id>/done.

​

Paste the redirect URI back into Google

16. Return to the Google Cloud Console OAuth client ID you created in step 7.
17. Under Authorized redirect URIs, click Add URI and paste the Sign-in redirect URI from step 15.
18. Click Save.

​

Activate and test

19. Return to the Bright Data Control Panel Google Workspace dialog.
20. Click Activate.
21. Test by signing out of Bright Data and signing back in via Google Workspace SSO. Use an account whose email is present in both your Google Workspace and the Bright Data Control Panel (Account Settings → Users).

​

Add users for SSO sign-in

1. In the Bright Data Control Panel, go to Account Settings → Users.
2. Add the user’s email address. The email must match the user’s primary Google Workspace email.
3. Set the user’s role.

​

Notes

• The OAuth consent screen must be set to Internal user type. An External consent screen would allow any Google account to attempt sign-in.
• The Workspace Domain field enforces the OIDC hd (hosted domain) claim. Only users whose Google account belongs to the configured Workspace Domain will succeed.
• Google Workspace SSO is a separate feature from the public Continue with Google sign-in button. They use different client IDs, redirect URIs, and provisioning flows. See Google OAuth 2.0.
• If you rotate the Client Secret in Google Cloud Console, update it in the Bright Data dialog as well. Otherwise sign-in fails with an invalid_client error.
• The Sign-in redirect URI must match exactly between the Bright Data dialog and the Authorized redirect URIs list in Google Cloud Console. Mismatches return a redirect_uri_mismatch error.

​

SSO technical reference

​

Google Workspace-specific parameters