Google - OIDC

To use Google as an IdP to authenticate the Akeyless Platform via OIDC, follow the steps below.

❗️

Critical

Ensure your OAuth consent configuration includes only authorized domains of your organization, and that the User type is set to Internal only.

To set your OAuth consent screen with User type internal click on your OAuth consent settings and ensure the following are set for User type:

And for Authorized domains:

Create an OAuth Client ID

  1. Visit the Google API Console.

  2. Go to Credentials > Create Credentials > OAuth Client ID.

  3. For the Application Type select Web Application, for the Authorized redirect URIs set https://auth.akeyless.io/oidc/callback and click Create.

  1. Once the OAuth Client ID has been created, you need to obtain the Client ID, Client secret:

  1. In order to bind the OAuth Client ID with your Akeyless Platform account, you need to create an OIDC Authentication Method using either CLI or UI, as described below.

Create an OIDC Authentication Method from the CLI

akeyless create-auth-method-oidc --name 'Google-OIDC' --issuer https://accounts.google.com --client-id {your-client-id}  --client-secret {your-client-secret} --unique-identifier {your-unique-identifier (e.g 'email' or 'username')}

Login with OIDC from the CLI

  1. You should configure a new profile with your Access-ID from the previous step and OIDC type (if no profile name is provided the default will be configured):
akeyless configure --access-id <your-access-id> --access-type oidc --profile 'google-oidc'
  1. Now, you can run any Akeyless CLI command and be authenticated with Google:
akeyless list-items --profile google-oidc