Skip to main content

Google SSO integration

Hex supports integrating with Google SSO via OIDC for login management.

info
  • Available on the Enterprise plan.
  • Users will need the Admin workspace role to configure Google SSO.

Create an OIDC application in Google

Before completing the Hex side configuration, you must have a Google OIDC application configured. Use the following steps to create the OIDC application in Google to obtain the Client ID and Client Secret credentials:

  1. Navigate to the Google Developers site in your web browser.

  2. Sign in using the Google account under which you would like to register the application.

  3. Create a new project using the "Create" button or use an existing project to which you can add an OIDC application.

  4. Next, click the Google APIs logo in the navigation bar and the APIs & Services page will open with your project selected. Click "Credentials" on the left option menu.

  5. On the Credentials page, click "+ Create Credentials" and then select "OAuth client ID" for the credential type.

    Note: If this is your first API project, Google will prompt you to configure the OAuth consent screen first. Users will see this screen when your application requests access. Click on the "Configure Consent Screen" option and then proceed to step 6.

  6. On the OAuth consent screen, select "Internal" as the user type then click "Create". On the following screen, enter the application name of your choice then click "Save". Now, click "Credentials" on the left option menu, click "+ Create Credentials", and select "OAuth client ID".

    Note: Skip this step if you have already configured the OAuth consent screen.

  7. Select "Web application" on the Create OAuth client ID screen then enter the Authorized Redirect URI. Your redirect URI will be of the format https://<BASE URL>/auth/<YOUR HEX WORKSPACE ID>/sso.

  • Substitute your base URL where specified. Workspaces on one of our multi-tenant stacks will be one of app.hex.tech, eu.hex.tech, or hc.hex.tech. Single-tenant workspaces should look to their url to identify their base url.
  • Substitute your Hex workspace id where specified.
  1. Click "Create" to generate your unique credentials. The Client ID and Client Secret information will display in a pop-up window. Record both of these values as they are required when configuring the SSO details in the SSO panel of your Hex Admin panel.
  2. Once you have obtained the Client ID and Client Secret information, navigate back to the SSO tab of your Admin panel to complete the SSO configuration. Use https://accounts.google.com/.well-known/openid-configuration in the "Issuer" field.
  3. There are additional configuration options which you can now enable:
  • Toggle the Enable SSO switch on to allow users to sign on with SSO.
  • Toggle the Enforce SSO switch to require users to sign on with SSO.
tip

Verify that SSO sign in works as expected before enabling the Enforce SSO option

Confirm that Google SSO integration works as expected by logging out of Hex and logging in using the newly available Log in with SSO option.