cloudflare
diff --git a/‎src/assets/images/cloudflare-one/identity/google/click-configure-consent.png‎
-264 KB b/‎src/assets/images/cloudflare-one/identity/google/click-configure-consent.png‎
-264 KB
diff --git a/‎src/assets/images/cloudflare-one/identity/google/configure-consent-screen.png‎
244 KB b/‎src/assets/images/cloudflare-one/identity/google/configure-consent-screen.png‎
244 KB
diff --git a/‎src/assets/images/cloudflare-one/identity/google/create-oauth.png‎
-288 KB b/‎src/assets/images/cloudflare-one/identity/google/create-oauth.png‎
-288 KB
diff --git a/‎src/assets/images/cloudflare-one/identity/gsuite/trust-internal-apps.png‎
-39.8 KB b/‎src/assets/images/cloudflare-one/identity/gsuite/trust-internal-apps.png‎
-39.8 KB
diff --git a/‎src/content/docs/cloudflare-one/identity/idp-integration/gsuite.mdx‎
Lines changed: 18 additions & 15 deletions b/‎src/content/docs/cloudflare-one/identity/idp-integration/gsuite.mdx‎
Lines changed: 18 additions & 15 deletions
@@ -24,30 +24,32 @@ You do not need to be a Google Cloud Platform user to integrate Google Workspace
 
 2. A Google Cloud project is required to enable Google Workspace APIs. If you do not already have a Google Cloud project, go to **IAM & Admin** > **Create Project**. Name the project and select **Create**.
 
-3. Go to **APIs & Services** and select **+ Enable APIs and Services**. The API Library will load.
+3. Go to **APIs & Services** and select **Enable APIs and Services**. The API Library will load.
 
-4. In the API Library, search for `admin` and select _Admin SDK API_.
+4. In the API Library, search for `admin` and select **Admin SDK API**.
 
 5. **Enable** the Admin SDK API.
 
 6. Return to the **APIs & Services** page and go to **Credentials**.
 
-   ![Location of credential settings at the top of the Google Cloud Platform dashboard.](~/assets/images/cloudflare-one/identity/google/click-configure-consent.png)
-
 7. You will see a warning that you need to configure a consent screen. Select **Configure Consent Screen**.
 
+   ![Location to configure a Consent Screen in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/google/configure-consent-screen.png)
+
 8. To configure the consent screen:
 
-   1. Choose **Internal** as the User Type. This limits authorization requests to users in your Google Workspace and blocks users who have regular Gmail addresses.
-   2. Name the application, add a support email, and input contact fields. Google Cloud Platform requires an email in your account.
-   3. The **Scopes** page can be left blank.
-   4. The summary page will load and you can save and exit.
+   1. Select **Get Started**.
+   2. Input an **App name** and a **User support email**.
+   3. Choose **Internal** as the Audience Type. This limits authorization requests to users in your Google Workspace and blocks users who have regular Gmail addresses.
+   4. Input **Contact Information**. Google Cloud Platform requires an email in your account.
+   5. Agree to Google's user data policy and select **Continue**.
+   6. Select **Create**.
 
-9. Return to the **Credentials** page and select **+ Create Credentials** > **OAuth client ID**.
+9. The OAuth overview page will load. Select **Create OAuth Client**.
 
-   ![Location of OAuth client ID settings on Google Cloud Platform credentials page.](~/assets/images/cloudflare-one/identity/google/create-oauth.png)
+(Need picture from LC)
 
-10. Choose _Web application_ as the Application type.
+10. Choose _Web application_ as the **Application type** and give your OAuth Client ID a name.
 
 11. Under **Authorized JavaScript origins**, in the **URIs** field, enter your team domain:
 
@@ -63,20 +65,21 @@ You do not need to be a Google Cloud Platform user to integrate Google Workspace
     https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback
     ```
 
-13. Google will present the OAuth Client ID and Secret values. The secret field functions like a password and should not be shared. Copy both values.
+13. After creating the OAuth client ID, select the OAuth client ID that you just created. Google will present the **OAuth Client ID** and **Client secret** values. The client secret field functions like a password and should not be shared. Copy both the **OAuth Client ID** and **Client secret** values.
 
 14. On your [Google Admin console](https://admin.google.com), go to **Security** > **Access and data control** > **API controls**.
-    ![Location of Trust internal apps setting in the Google Admin dashboard](~/assets/images/cloudflare-one/identity/gsuite/trust-internal-apps.png)
 
-15. Enable the **Trust internal, domain-owned apps** option. This setting is disabled by default and must be enabled for Cloudflare Access to work correctly.
+15. In **API Controls**, select **Settings**.
+
+16. Select **Internal apps** and check the box next to the **Trust internal apps** to enable this option. This setting is disabled by default and must be enabled for Cloudflare Access to work correctly.
 
 ### 2. Add Google Workspace to Zero Trust
 
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Authentication**.
 
 2. Under **Login methods**, select **Add new** and choose **Google Workspace**.
 
-3. Input the Client ID and Client Secret fields generated previously. Additionally, input the domain of your Google Workspace account.
+3. Input the Client ID (**App ID** in the Cloudflare dashboard) and Client Secret fields generated previously. Additionally, input the domain of your Google Workspace account.
 
 4. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.