SSO - Google Workspace

SecDim offers SSO (Single Sign-On) integration with Google Workspace via OpenID Connect (OIDC). This allows users to log in to the SecDim platform using their existing Google Workspace credentials. This guide walks you through the setup steps your Google Workspace administrator needs to complete.

What SecDim Needs from You

Before SecDim can activate SSO for your organisation, collect the following from your Google Workspace setup and send them to your SecDim account manager.

Value Description

Value	Description
Client ID	OAuth 2.0 client ID from your Google Cloud project
Client Secret	OAuth 2.0 client secret — send via a one-time secret tool, not email
Primary email domain	e.g. `acme.com` — the domain your users sign in with

Client ID

OAuth 2.0 client ID from your Google Cloud project

Client Secret

OAuth 2.0 client secret — send via a one-time secret tool, not email

Primary email domain

e.g. acme.com — the domain your users sign in with

SecDim will provide you with a provider name and your SSO login URL in the format https://id.secdim.com?auth=<provider>&origin=play once configuration is complete.

Step 1 — Create an OAuth Client in Google Cloud

Go to the Google Cloud Console
Select or create a project for your organisation
Navigate to APIs & Services → Credentials
Click Create Credentials → OAuth client ID
Select Web application as the application type
Set the Name to SecDim SSO (or similar)
Under Authorised redirect URIs, add:
```
https://id.secdim.com/account/login/sso/<provider>/callback
```
SecDim will give you the exact <provider> slug.
Click Create
Copy the Client ID and Client Secret from the confirmation dialog

Step 2 — Configure the OAuth Consent Screen

Go to APIs & Services → OAuth consent screen
Select Internal as the user type (restricts sign-in to your organisation)
Fill in the required fields:
- App name: SecDim SSO
- User support email: your admin email
- Developer contact information: your admin email
Under Scopes, add:
- openid
- email
- profile
Save the configuration

Step 3 — Send Credentials to SecDim

Send the following to your SecDim account manager securely (not by email):

Value Where to find it

Value	Where to find it
Client ID	APIs & Services → Credentials → OAuth 2.0 Client IDs
Client Secret	Shown on creation (send securely)
Primary email domain	e.g. `acme.com`

Client ID

APIs & Services → Credentials → OAuth 2.0 Client IDs

Client Secret

Shown on creation (send securely)

Primary email domain

e.g. acme.com

Google OAuth client secrets do not expire by default, but you can rotate them at any time from the Google Cloud Console. If you rotate the secret, send the new value to your SecDim account manager.

Step 4 — (Optional) Automatic Department Assignment

If you want users to be automatically assigned to departments within SecDim on first login, you can expose a custom department claim from your Google Workspace directory.

Let your SecDim account manager know the exact claim name so they can configure the mapping on the SecDim side. The department name in SecDim must match exactly with the value from Google.

Step 5 — Test

Once SecDim confirms the configuration is active:

Open https://id.secdim.com?auth=<provider>&origin=play in a private browser window
You will be redirected to Google to authenticate
Sign in with a Google Workspace account from your organisation
Confirm you land in SecDim associated with the correct company subscription