# Google Identity Integration

Allow your users to sign in to AccessIQ using their Google accounts.

## Prerequisites

* A Google Cloud account with project creation permissions
* AccessIQ tenant with admin access

## Step 1: Create a Google Cloud Project

1. Go to the [Google Cloud Console](https://console.cloud.google.com).
2. Click the project dropdown at the top and select **New Project**.
3. Name the project (e.g., `AccessIQ Integration`) and click **Create**.

## Step 2: Configure the OAuth Consent Screen

1. In the Google Cloud Console, go to **APIs & Services > OAuth consent screen**.
2. Select your user type:
   * **Internal** -- only users within your Google Workspace organization
   * **External** -- any Google account
3. Fill in the required fields:

| Field                   | Value                      |
| ----------------------- | -------------------------- |
| App name                | `AccessIQ`                 |
| User support email      | Your support email address |
| Authorized domains      | `accessiq.app`             |
| Developer contact email | Your email address         |

4. Add the scopes: `email`, `profile`, `openid`.
5. Click **Save and Continue** through the remaining steps.

## Step 3: Create OAuth Credentials

1. Go to **APIs & Services > Credentials**.
2. Click **Create Credentials > OAuth client ID**.
3. Set **Application type** to **Web application**.
4. Configure the following:

| Field                    | Value                                                         |
| ------------------------ | ------------------------------------------------------------- |
| Name                     | `AccessIQ`                                                    |
| Authorized redirect URIs | `https://<your-tenant>.accessiq.app/api/auth/callback/google` |

5. Click **Create** and copy the **Client ID** and **Client Secret**.

## Step 4: Add Google as a Provider in AccessIQ

1. In AccessIQ, go to **Identity > Providers**.
2. Click **Add Provider** and select **Google**.
3. Enter the **Client ID** and **Client Secret**.
4. Click **Save**.

## Step 5: Test the Connection

1. Open your AccessIQ login page in a private browser window.
2. Click **Sign in with Google**.
3. Select a Google account and confirm you reach the AccessIQ dashboard.

## Notes

* If your OAuth consent screen is set to **External** and is in testing mode, only test users you have explicitly added will be able to sign in. Submit for verification when ready for production.
* Google OAuth credentials do not expire, but you can rotate the secret at any time from the Google Cloud Console.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://accessiq.gitbook.io/accessiq-docs/identity-and-single-sign-on/google.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.