⚠️ Note: The platform does not support SAML configurations — OpenID Connect (OIDC) must be used.
Step 1: Create a project in Google Cloud
Go to the Google Cloud Console and log in with an administrator account for your organisation
Click "Select project" at the top → "New project"
Enter a name for the project (e.g. "TAC-SSO") and select the correct organisation
Click "Create"
Step 2: Enable the OpenID Connect API
In the left-hand menu, go to "APIs & Services" → "Dashboard"
Click "+ Enable APIs & Services"
Search for "Google Identity" and select "Google Identity Platform"
Click "Enable"
Step 3: Create OAuth 2.0 credentials
Go to "APIs & Services" → "Credentials"
Click "+ Create credentials" → "OAuth client ID"
Under "Application type", select "Web application"
Fill in the required fields:
Name:
TAC SSOAuthorised redirect URIs:
https://app.touchandcontact.com
Click "Create"
Step 4: Configure Scopes for OpenID Connect
When configuring OpenID Connect for TAC, grant the following required scopes:
openidprofileemailoffline_access
Step 5: Enable User Access
Go to the Google Admin Console at admin.google.com
Navigate to "Apps" → "Web and mobile apps"
Select the TAC application you just configured
Go to "Access control" and make sure the required users or groups have permission to access TAC
Save the changes
Step 6: Grant Consent Without Manual Approval
Go back to the Google Cloud Console
Navigate to "APIs & Services" → "OAuth consent"
Click "Grant consent for the organisation"
Verify that the required scopes are correctly authorised
Save and close