Configure SSO with G Suite and Cyral

With Cyral, you can authenticate database users against your single sign-on (SSO) platform. Once set up for SSO, Cyral delegates authentication to your SSO platform. When a user authenticates successfully, Cyral grants them the appropriate privileges in the data store.

Create an OAuth Client ID in your G Suite instance

Follow the steps below to use your Google G Suite instance to authenticate database users and Cyral administrators. This integration sets up your G Suite instance to recognize Cyral as an OAuth 2.0 application. For more information on OAuth and SSO:

Add a G Suite consent screen for Cyral

Cyral's integration with G Suite uses an OAuth application with authentication provided by a service that runs in the Cyral control plane.

If this is the first time an OAuth application is being set up in your G Suite domain, you must set up a Consent Screen in your G Suite with cyral.com as the authorized domain. If you've already done this, proceed to the next section, "Create an OAuth Client ID."

  1. Go to the Google API Console OAuth consent screen page.

  2. Set Application type to Internal.

  3. Set Application name to Cyral OAuth Client.

  4. Leave the Application logo blank.

  5. Set Support email to the address of your authentication administrator.

  6. Keep the default scopes for Google APIs (emailprofileopenid).

  7. In Authorized domains type cyral.com.

  8. Click Save.

Now that the consent screen has been set up, proceed to the next section to create the OAuth client ID that enables G Suite to accept requests from Cyral.

Create an OAuth client ID

Follow the steps below to create the OAuth application in your organization's G Suite instance. By doing this, you are authorizing your G Suite instance to respond to Cyral's authentication requests.


Share the OAuth application details with your Cyral support person

1. Find the Client ID from the popup that follows after your create the OAuth app.




2. Click the Client ID you created, click DOWNLOAD JSON to get its credentials bundle, and share this JSON file securely with your Cyral support contact.

3. Contact your Cyral support person to complete the setup. Provide the settings you collected above:

  • Name

  • Authorized Javascript Origins

  • Authorized redirect URL

  • Your Client ID name

  • Your Client ID's JSON file

  • G Suite domain (name of your G Suite domain, which is usually your organization's main domain name, but may not be)

Next step


See Set up SSO authentication for users for the steps to activate SSO authentication on a repository.



Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.