# Google OIDC Configuration

1. Log in to the Google Cloud Console at <https://console.cloud.google.com/>.
2. At the top of the page, click **Select a Project** or **New Project**.

<div align="left" data-full-width="false"><figure><img src="https://1421284924-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5mooNgJeAuk6nMFZeon2%2Fuploads%2Fi3MpfE70p9MCaMes8dih%2Fimage.png?alt=media&#x26;token=44dfcfe0-c24e-4946-aaca-9306dc31900e" alt="" width="308"><figcaption></figcaption></figure></div>

3. In the left menu (or under Quick access on the page), click on **APIs & Services**, then **OAuth consent screen**.&#x20;
4. In the **User Type** section, select **Internal**.

<div align="left"><figure><img src="https://1421284924-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5mooNgJeAuk6nMFZeon2%2Fuploads%2Fo7p9z0qXMsJWcgdyJRXy%2Fimage.png?alt=media&#x26;token=06ad870e-e8c9-4d95-90c2-cc0593c125e4" alt="" width="525"><figcaption></figcaption></figure></div>

5. Fill in **Application name** and **Support email** fields, and click **Save and Continue.**

<div align="left"><figure><img src="https://1421284924-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5mooNgJeAuk6nMFZeon2%2Fuploads%2FiA36aTezw9d1PEfIRQ4q%2Fimage.png?alt=media&#x26;token=e294a5ce-1b7c-4c7a-8788-0cc5658938e7" alt="" width="525"><figcaption></figcaption></figure></div>

6. Add **email**, **profile**, and **openid**.\ <br>

<div align="left"><figure><img src="https://1421284924-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5mooNgJeAuk6nMFZeon2%2Fuploads%2FTvx0doJUHw7tfl6mwW5n%2Fimage.png?alt=media&#x26;token=2927a0b7-5c78-4052-bdfe-6d3079c52acf" alt="" width="563"><figcaption></figcaption></figure></div>

&#x20;

7. Click the **Create credentials** button, and select **OAuth client ID**.\ <br>

<div align="left"><figure><img src="https://1421284924-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5mooNgJeAuk6nMFZeon2%2Fuploads%2FfVxUrWzA2Eiu2kuLrbdX%2Fimage.png?alt=media&#x26;token=d7cd1a1e-93eb-45a2-88eb-7275c1429200" alt="" width="525"><figcaption></figcaption></figure></div>

8. Fill in the details below and click **Create**.\
   **Application Type:** `Web application`\
   **Name:** `[Name of you application]`\
   **Authorized redirect URIs:** `https://pbi.parallels.com/rbi/oidc/signin/callback` and `https://pbi.parallels.com/owner/test-idp.`\
   This is the Parallels Browser Isolation redirect URL.

<div align="left"><figure><img src="https://1421284924-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5mooNgJeAuk6nMFZeon2%2Fuploads%2Fpmc7KeBsrhFTTk6QOSn8%2Fimage.png?alt=media&#x26;token=90b6f2e9-a869-4de0-9334-c0b54763ea80" alt="" width="548"><figcaption></figcaption></figure></div>

9. In the dialog that appears, copy the Client ID and Client Secret or download the JSON file.
10. Once the above steps are completed, copy the values which should mimic the table below, and paste them into the Parallels Browser Isolation IDP configuration section as shown below:

<table data-full-width="true"><thead><tr><th width="166">Settings</th><th width="289">Value</th><th>Details</th></tr></thead><tbody><tr><td><strong>Domain</strong></td><td>Ex: acme.com or parallels.com or &#x3C;yourorgdomain.com></td><td>The domain name should always match the value used in the email or UPN after the "@" symbol. [Ex; login using TestUser@pbi.parallels.com or TestUser@acme.com]</td></tr><tr><td><strong>Discovery URL</strong></td><td><a href="https://accounts.google.com/.well-known/openid-configuration">https://accounts.google.com/.well-known/openid-configuration</a></td><td>Copy this value from Google's IDP Settings. It should follow the format specified in the Value Column</td></tr><tr><td><strong>Client ID</strong></td><td>******************</td><td>Copy this value from Google's IDP Settings</td></tr><tr><td><strong>Client Secret</strong></td><td>******************</td><td>Copy this value from Google's IDP Settings</td></tr><tr><td><strong>Username Claim Name</strong></td><td>email</td><td>For more info visit; <a href="https://developers.google.com/identity/openid-connect/openid-connect">https://developers.google.com/identity/openid-connect/openid-connect</a></td></tr><tr><td><strong>Groups Claim Name</strong></td><td>groups</td><td>For more info visit; <a href="https://developers.google.com/identity/openid-connect/openid-connect">https://developers.google.com/identity/openid-connect/openid-connect</a></td></tr></tbody></table>

<div align="left"><figure><img src="https://1421284924-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5mooNgJeAuk6nMFZeon2%2Fuploads%2FKbU2tOThs0k3FFHXHiOs%2Fimage.png?alt=media&#x26;token=c846618f-e7ee-4c27-93fa-4f0df7ab81ab" alt="" width="563"><figcaption></figcaption></figure></div>

11. Click **Save** and proceed with adding users using the Admin Management section that was configured in the OIDC.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.parallels.com/landing/pbi-guides/parallels-browser-isolation-administrators-guide/appendix/idp-configuration/google-oidc-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.