Requirements
- An account in GCP
API_URL
is the public DNS name of the hoop gateway instance
API_URL
address.
Identity Provider Configuration
1
Create an Application
Login with your account at https://console.cloud.google.com/apis/credentials
- Go to
Credentials
>Create Credentials
button >OAuth Client ID
- In Application type, select
Web Application
- Give it a name (i.e. “Hoop”)
2
Configure the Redirect URIs
- Click Authorized redirect URIs and add the URL:
{API_URL}/api/callback
- Click Create button
- Take note on the
ClientID
andClient Secret
3
Collect the Credentials
When you created the app, you got those. But they are also available in the JSON file that was downloaded by the creation time. The download is also available at:
- Credentials > OAuth 2.0 Client IDs > Actions > Download
4
Collect Issuer Information
The Issuer URI is
https://accounts.google.com
Configuring Groups
Groups are synchronized by performing a request to the Cloud Identity API as a best effort operation.This feature is available in version 1.35.2 and later.
1
Add the Scope
Configure the gateway with the env IDP_CUSTOM_SCOPES
https://www.googleapis.com/auth/cloud-identity.groups.readonly

Restart the gateway after applying these changes.
2
Enable the Cloud Identity API in your project
- Visit the Cloud Identity API Page
- Clik in the button
ENABLE
When configuring group synchronization, admin access may be revoked upon your next sign-in.
To maintain administrative privileges, set the
ADMIN_USERNAME
configuration parameter to a Google Workspace group that you want to map as admin on Hoop.