Set up the Google provider
Google is one of the OAuth 2.0 identity providers you can use to authenticate visitors to your Power Pages site. OAuth 2.0–based identity providers require a client ID, client secret, and sometimes a redirect or reply URL. This article describes the following steps:
- Set up Google in Power Pages
- Create an app registration in Google
- Enter site settings in Power Pages
Set up Google in Power Pages
In your Power Pages site, select Security > Identity providers.
If no identity providers appear, make sure External login is set to On in your site's general authentication settings.
To the right of Google, select More Commands (…) > Configure or select the provider name.
Leave the provider name as it is or change it if you like.
The provider name is the text on the button that users see when they select their identity provider on the sign-in page.
Select Next.
Under Reply URL, select Copy.
Select Open Google.
Don't close your Power Pages browser tab. You'll return to it soon.
Create an app registration in Google
Register an application in Google with your site's reply URL as the redirect URL.
Note
If you use or add a custom domain name or change your site's base URL, you must set up your identity provider to use the correct reply URL. The Google app uses the reply URL to redirect users to your website after authentication.
Add the API
Open the Google Developers Console.
Create or open an API project.
In the left side panel, select APIs & Services.
Select + Enable APIs and Services.
Search for and enable Google People API.
Important
Google+ API is deprecated. We strongly recommend that you migrate to Google People API.
Set up your consent screen
If you already have a consent screen for your website's top-level domain, skip to Add credentials. If your site has a consent screen but you haven't added the top-level domain, skip to Enter your top-level domain.
In the left side panel, select Credentials.
Select Configure consent screen.
Select the External user type.
Select Create.
Enter the name of the application and select your organization's user support email address.
Upload a logo image file if necessary.
Enter the URLs of your site's home page, privacy policy, and terms of service, if applicable.
Enter an email address where Google can send you developer notifications.
Enter your top-level domain
Under Authorized domains, select + Add Domain.
Enter your site's top-level domain; for example,
powerappsportals.com
.Tip
Use
microsoftcrmportals.com
if you haven't updated your domain name. If your site uses a custom domain name, enter it instead.Select Save and Continue.
Add credentials
In the left side panel, select Credentials.
Select Create credentials > OAuth client ID.
Select Web application as the application type.
Enter a name to identify your OAuth Client; for example,
Web sign-in
.This name is for internal use only and isn't shown to users.
Under Authorized JavaScript origins, select + Add URI.
Enter your site's URL; for example,
https://contoso.powerappsportals.com
.Under Authorized redirect URIs, select + Add URI.
Enter your site's URL followed by
/signin-google
; for example,https://contoso.powerappsportals.com/signin-google
.Select Create.
In the OAuth client created window, select the copy icons to copy the Client ID and Client secret.
Select OK.
Enter site settings in Power Pages
Return to the Power Pages Configure identity provider page you left earlier.
Under Configure site settings, paste the following values:
- Client ID: Paste the Client ID you copied.
- Client secret: Paste the Client secret you copied.
Optional additional settings for OAuth 2.0 identity providers