cloudflare
diff --git a/‎src/assets/images/cloudflare-one/identity/google/create-oauth-client.png‎
174 KB b/‎src/assets/images/cloudflare-one/identity/google/create-oauth-client.png‎
174 KB
diff --git a/‎src/assets/images/cloudflare-one/identity/gsuite/trust-internal-apps.png‎
276 KB b/‎src/assets/images/cloudflare-one/identity/gsuite/trust-internal-apps.png‎
276 KB
diff --git a/‎src/content/docs/cloudflare-one/identity/idp-integration/google.mdx‎
Lines changed: 20 additions & 12 deletions b/‎src/content/docs/cloudflare-one/identity/idp-integration/google.mdx‎
Lines changed: 20 additions & 12 deletions
diff --git a/‎src/content/docs/cloudflare-one/identity/idp-integration/gsuite.mdx‎
Lines changed: 22 additions & 20 deletions b/‎src/content/docs/cloudflare-one/identity/idp-integration/gsuite.mdx‎
Lines changed: 22 additions & 20 deletions
@@ -11,42 +11,50 @@ You do not need to be a Google Cloud Platform user to integrate Google Suite as
 
 ## Set up Google as an identity provider
 
-1. Visit the Google Cloud Platform console. Create a new project, name the project, and select **Create**.
+1. Log in to the Google Cloud Platform [console](https://console.cloud.google.com/). Create a new project, name the project, and select **Create**.
 
-2. On the project home page, go to **APIs & Services** on the sidebar and select **Dashboard**.
+2. On the project home page, go to **APIs & Services** and on the sidebar select **Credentials**.
 
-3. On the sidebar, go to **Credentials** and select **Configure Consent Screen** at the top of the page.
+3. Select **Configure Consent Screen** at the top of the page.
 
-4. Choose `External` as the User Type. Since this application is not being created in a Google Workspace account, any user with a Gmail address can login.
+   ![Location to configure a Consent Screen in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/google/configure-consent-screen.png)
 
-5. Name the application, add a support email, and input contact fields. Google Cloud Platform requires an email in your account.
-   :::note
-   In the **Scopes** section, we recommend adding the `userinfo.email` scope. This is not required for the integration, but shows authenticating users what information is being gathered. You do not need to add test users.
-   :::
+4. To configure the consent screen:
 
-6. Return to the **APIs & Services** page, select **Create Credentials** > **OAuth client ID**, and name the application.
+   1. Select **Get started**.
+   2. Input an **App name** and a **User support email**.
+   3. Choose `External` as the Audience Type. Since this application is not being created in a Google Workspace account, any user with a Gmail address can log in.
+   4. Input **Contact Information**. Google Cloud Platform requires an email in your account.
+   5. Agree to Google's user data policy and select **Continue**.
+   6. Select **Create**.
+
+5. The OAuth overview page will load. On the OAuth overview screen, select **Create OAuth client**.
+
+   ![Location to create an OAuth client in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/google/create-oauth-client.png)
+
+6. Choose _Web application_ as the **Application type** and give your OAuth Client ID a name.
 
 7. Under **Authorized JavaScript origins**, in the **URIs** field, enter your team domain:
 
    ```txt
    https://<your-team-name>.cloudflareaccess.com
    ```
 
-   You can find your team name in Zero Trust under **Settings** > **Custom Pages**.
+   You can find your team name in [Zero Trust](https://one.dash.cloudflare.com/) under **Settings** > **Custom Pages**.
 
 8. Under **Authorized redirect URIs**, in the **URIs** field, enter the following URL:
 
    ```txt
    https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback
    ```
 
-9. Google will present the OAuth Client ID and Secret values. The secret field functions like a password and should not be shared. Copy both values.
+9. After creating the OAuth client, select the OAuth client that you just created. Google will present the **OAuth Client ID** value and **Client secret** value. The client secret field functions like a password and should not be shared. Copy both values.
 
 10. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Authentication**.
 
 11. Under **Login methods**, select **Add new**. Choose **Google** on the next page.
 
-12. Input the Client ID and Client Secret fields generated previously.
+12. Input the Client ID (**App ID** in the Cloudflare dashboard) and Client Secret fields generated previously.
 
 13. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.
 
 
@@ -20,34 +20,34 @@ You do not need to be a Google Cloud Platform user to integrate Google Workspace
 
 ### 1. Configure Google Workspace
 
-1. Log in to the Google Cloud Platform [console](https://console.cloud.google.com/). This is separate from your Google Workspace console.
+1.  Log in to the Google Cloud Platform [console](https://console.cloud.google.com/). This is separate from your Google Workspace console.
 
-2. A Google Cloud project is required to enable Google Workspace APIs. If you do not already have a Google Cloud project, go to **IAM & Admin** > **Create Project**. Name the project and select **Create**.
+2.  A Google Cloud project is required to enable Google Workspace APIs. If you do not already have a Google Cloud project, go to **IAM & Admin** > **Create Project**. Name the project and select **Create**.
 
-3. Go to **APIs & Services** and select **Enable APIs and Services**. The API Library will load.
+3.  Go to **APIs & Services** and select **Enable APIs and Services**. The API Library will load.
 
-4. In the API Library, search for `admin` and select **Admin SDK API**.
+4.  In the API Library, search for `admin` and select **Admin SDK API**.
 
-5. **Enable** the Admin SDK API.
+5.  **Enable** the Admin SDK API.
 
-6. Return to the **APIs & Services** page and go to **Credentials**.
+6.  Return to the **APIs & Services** page and go to **Credentials**.
 
-7. You will see a warning that you need to configure a consent screen. Select **Configure Consent Screen**.
+7.  You will see a warning that you need to configure a consent screen. Select **Configure Consent Screen**.
 
-   ![Location to configure a Consent Screen in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/google/configure-consent-screen.png)
+    ![Location to configure a Consent Screen in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/google/configure-consent-screen.png)
 
-8. To configure the consent screen:
+8.  To configure the consent screen:
 
-   1. Select **Get Started**.
-   2. Input an **App name** and a **User support email**.
-   3. Choose **Internal** as the Audience Type. This limits authorization requests to users in your Google Workspace and blocks users who have regular Gmail addresses.
-   4. Input **Contact Information**. Google Cloud Platform requires an email in your account.
-   5. Agree to Google's user data policy and select **Continue**.
-   6. Select **Create**.
+    1. Select **Get Started**.
+    2. Input an **App name** and a **User support email**.
+    3. Choose **Internal** as the Audience Type. This Audience Type limits authorization requests to users in your Google Workspace and blocks users who have regular Gmail addresses.
+    4. Input **Contact Information**. Google Cloud Platform requires an email in your account.
+    5. Agree to Google's user data policy and select **Continue**.
+    6. Select **Create**.
 
-9. The OAuth overview page will load. Select **Create OAuth Client**.
+9.  The OAuth overview page will load. Select **Create OAuth Client**.
 
-(Need picture from LC)
+    ![Location to create an OAuth client in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/google/create-oauth-client.png)
 
 10. Choose _Web application_ as the **Application type** and give your OAuth Client ID a name.
 
@@ -57,21 +57,23 @@ You do not need to be a Google Cloud Platform user to integrate Google Workspace
     https://<your-team-name>.cloudflareaccess.com
     ```
 
-    You can find your team name in Zero Trust under **Settings** > **Custom Pages**.
+    You can find your team name in [Zero Trust](https://one.dash.cloudflare.com/) under **Settings** > **Custom Pages**.
 
 12. Under **Authorized redirect URIs**, in the **URIs** field, enter the following URL:
 
     ```txt
     https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback
     ```
 
-13. After creating the OAuth client ID, select the OAuth client ID that you just created. Google will present the **OAuth Client ID** and **Client secret** values. The client secret field functions like a password and should not be shared. Copy both the **OAuth Client ID** and **Client secret** values.
+13. After creating the OAuth client, select the OAuth client that you just created. Google will present the **OAuth Client ID** and **Client secret** values. The client secret field functions like a password and should not be shared. Copy both the **OAuth Client ID** and **Client secret** values.
 
 14. On your [Google Admin console](https://admin.google.com), go to **Security** > **Access and data control** > **API controls**.
 
 15. In **API Controls**, select **Settings**.
 
-16. Select **Internal apps** and check the box next to the **Trust internal apps** to enable this option. This setting is disabled by default and must be enabled for Cloudflare Access to work correctly.
+16. Select **Internal apps** and check the box next to **Trust internal apps** to enable this option. The **Trust internal apps** setting is disabled by default and must be enabled for Cloudflare Access to work correctly.
+
+    ![Location to trust internal apps in the Google Cloud Platform console.](~/assets/images/cloudflare-one/identity/gsuite/trust-internal-apps.png)
 
 ### 2. Add Google Workspace to Zero Trust