Skip to main content
Version: 25.3

Google

Configure Google as a single sign-on (SSO) provider for Seqera Platform.

Prerequisites

Before you begin, you need:

  • A Google Cloud account
  • Permission to create OAuth credentials in the Google Cloud console

Ensure you know how to create Google OAuth credentials. See Google's documentation on setting up OAuth 2.0 for more information.

Create Google OAuth credentials

  1. In the Google Cloud console, create a new project or select an existing one.
  2. Go to APIs & Services > Credentials.
  3. Select Create credentials > OAuth client ID.
  4. Select Web Application as the application type.
  5. Add your redirect URI: https://<HOST>/oauth/callback/google (must be HTTPS) - replace <HOST> with your enterprise installation hostname.
  6. Note your Client ID and Client secret.

Configure Seqera

Add the following environment variables to your Seqera configuration:

VariableDescription
TOWER_GOOGLE_CLIENTThe client ID from step 6
TOWER_GOOGLE_SECRETThe client secret from step 6

Restrict access

To restrict access to specific email addresses or domains, configure an allow list in tower.yml:

tower:
  auth:
    google:
      allow-list:
        - "*@your-company.example.com"
        - "specific-user@another-company.example.net"

See User access allow list for more information.