Do you we have to present Google? The good news is that Google is a standard OpenID Provider, and so you can easily delegate the authentication of LL::NG to Google:


Google does not support logout through OpenID Connect. If you close your session on LL::NG side, your Google session will still be open.

Register on Google

You need a Google developer account to access to

Here you can go in API Manager and get new credentials (client_id and client_secret).

You need to provide the callback URLs, for example

Declare Google in your LL::NG server

Go in Manager and create a new OpenID Connect provider. You can call it google for example.

Click on Metadata, and use the OpenID Connect configuration URL to load them:

You can also load the JWKS data from the URL But as Google rotate their keys, we will also configure a refresh interval on JKWS data.

Go in Exported attributes to choose which attributes you want to collect. Google supports these claims:

  • email
  • email_verified
  • family_name
  • given_name
  • locale
  • name
  • picture
  • sub

Now go in Options:

  • In Configuration, register the client_id and client_secret given by Google. Set also the configuration URI with, and JWKS refresh, for example every day: 86400.
  • In Protocol, adapt the scope to the exported attributes you want. You can for example use openid profile email.
  • In Display, you can set the name and the logo