Skip to content
Visit Access on GitHub
Set theme to dark (⇧+D)

G Suite

G Suite provides OpenID Connect (OIDC) Identity Provider support that you can use with many SaaS apps in the G Suite Marketplace, and adds support for SAML 2.0 (Security Assertion Markup Language) for more than 15 popular SaaS providers. Cloudflare Access supports G Suite as an IdP.

Set up G Suite as your IdP

Use these steps to set up G Suite as your IdP.

  1. Log in to the Google Cloud console at

    This console is separate from your G Suite Admin console.

  2. Create a new Google Cloud Platform (GCP) project.

  3. Enter Cloudflare Access in the Project Name field.

  4. Ensure that the setting in the Location field matches your G Suite domain.

    Access Location

    The GCP dashboard displays.

  5. In the APIs card, click → Go to APIs overview. GCP dashboard APIs card

  6. Follow the Admin SDK link here and click enable.

    Enable admin API

  7. Return to the APIs overview page. Select Credentials in the left menu pane.

    GCP dashboard APIs card

    The Credentials page displays.

  8. Click Create credentials > OAuth client ID.

    OAuth client ID field

    The OAuth consent screen page displays.

  9. In Application type, select the Internal option.

    API Credentials

  10. Enter an Application Name.

  11. Scroll to the Authorized Domains field, and enter

  12. Click Save.

    The Application builder wizard displays.

  13. Click Web Application.

  14. Enter a name for your application.

  15. In Authorized JavaScript Origins, enter the authentication domain from Cloudflare Access.

    For example,

  16. Enter your authentication domain in the Authorized redirect URIs field, and add this to the end of the path: /cdn-cgi/access/callback

    For example:

    A window displays with your OAuth Client ID and Client Secret. Copy these to enter in your Cloudflare Access app.

  17. Return to your G Suite Admin console, and click MORE CONTROLS at the bottom of the window.

  18. Click Security.

    G Suite Security Badge

    The Security page displays.

    Manage API access

  19. Click Advanced Settings > Manage API client access.

    Manage API client access

  20. Enter your copied Client ID in the Client Name field.

  21. Paste these URLs in the One or More API Scopes field:,
  22. Click Authorize.

  23. In the Cloudflare Access app, under click Add under Login Methods, and select G Suite as your IdP.

  24. Paste in the Client ID and Client Secret.

  25. In the Cloudflare Access Configuration panel, enter your Google domain, including the TLD.

  26. Click Save and Test.

    On success, a confirmirmation displays that your connection works.

    Cloudflare IdP Connection Success

Example API Configuration

{    "config": {        "client_id": "<your client id>",        "client_secret": "<your client secret",        "apps_domain": ""    },    "type": "google-apps",    "name": "my example idp"}

export const _frontmatter = {"order":12}