Cyber Risk Aware supports the OIDC federation protocol for SSO integration with Google. The configuration steps for setting up this integration are listed below. 


Configure Google

  1. Go to the Google API Console
  2. Create a Project for CyberRiskAware


Create Authorization credentials

Any application that uses OAuth 2.0 to access Google APIs must have authorization credentials that identify the application to Google's OAuth 2.0 server. The following steps explain how to create credentials for your project. Your applications can then use the credentials to access APIs that you have enabled for that project.

  1. Go to the Credentials Page
  2. Click Create credentials > OAuth client ID
  3. For Application type, select Web application
  4. Add a name e.g., CRA-OIDC
  5. Specify Authorized JavaScript origins
    • They will be https://{your CRA Subdomain}.cyberriskaware.com
  6. Specify Authorized redirect URIs. The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses.
    • They will be https://{your CRA Subdomain}.cyberriskaware.com/auth/osignedin

After creating your credentials, you can download the client_secret.json file from the API Console.
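
An added example (not Cyber Risk Aware or Google code): a check of the downloaded client_secret.json against the two values registered in steps 5 and 6. It assumes the file has a top-level "web" object with redirect_uris and javascript_origins lists; the sample file contents and the subdomain "example" are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the assumed layout of a "Web application" client file;
# every value is a placeholder, and "example" stands in for your CRA subdomain.
SAMPLE = json.dumps({"web": {
    "client_id": "000000000000-placeholder.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER-SECRET",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "redirect_uris": ["https://example.cyberriskaware.com/auth/osignedin",
                      "http://localhost:8080/callback"],
    "javascript_origins": ["https://example.cyberriskaware.com"],
}})

def check_client_file(text, subdomain):
    """Return a list of findings; an empty list means the file matches the guide."""
    origin = f"https://{subdomain}.cyberriskaware.com"
    redirect = origin + "/auth/osignedin"
    findings = []
    web = json.loads(text).get("web")
    if web is None:
        return ["not a 'Web application' client (no 'web' section)"]
    for key in ("client_id", "client_secret"):
        if not web.get(key):
            findings.append(f"{key} is missing")
    redirects = web.get("redirect_uris", [])
    origins = web.get("javascript_origins", [])
    if redirect not in redirects:
        findings.append(f"redirect URI {redirect} is not registered")
    if origin not in origins:
        findings.append(f"JavaScript origin {origin} is not registered")
    # Anything beyond the two documented values is another place Google will
    # send responses to, or accept requests from, for this client.
    for uri in redirects:
        if uri != redirect:
            findings.append(f"unexpected redirect URI: {uri}")
    for uri in origins:
        if uri != origin:
            findings.append(f"unexpected JavaScript origin: {uri}")
    for uri in redirects + origins:
        if urlsplit(uri).scheme != "https":
            findings.append(f"not HTTPS: {uri}")
    return findings

if __name__ == "__main__":
    for finding in check_client_file(SAMPLE, "example"):
        print(finding)
```

The constructed sample carries a leftover localhost redirect URI, so the check reports it twice: once as unexpected and once as not HTTPS.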


Configure Consent Screen


User Type: Internal


App Information:

  • Name: Create any name e.g., CyberRiskAware Training
  • Authorized Domain: cyberriskaware.com


Configure Scopes

Ensure that the Scopes for Google APIs list contains the email and openid scopes.



Configure CyberRiskAware

Provide the following values for each of the fields:


  • Authentication Type: OpenIdConnect
  • Post Logout Redirect URI: https://{your CRA Subdomain}.cyberriskaware.com/auth/osignedin
  • Redirect URI: https://{your CRA Subdomain}.cyberriskaware.com/auth/osignedin
  • Authority: https://accounts.google.com
  • Client Id: This should be the Client ID value provided with the Google credential.
  • Client Secret: This should be the Client Secret value provided with the Google credential.
  • Domain Hint: Blank
  • Username Claim: This will default to email but can be updated to a claim of your choosing, for example the UPN claim would be: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
  • Click Save


Note: It may take 24 hours for the settings to completely update.