Google OIDC SSO Integration

These instructions will help administrators configure Fiddler for use with an existing Google single sign-on application.

Google Setup:

1. Set up an in Google:

• Navigate to the Clients page.

  • You will be prompted to create a project if you do not have one selected.

  • You will be prompted to register your to use Google Auth if you are yet to do so. This is required before creating a client.

• Click on "Create Client".

• Select "Web Application" as the application type.

• Set "Authorized redirect URIs" as {base_url}/api/sso/google/callback (replace {base_url} with your Fiddler deployment URL).

• Click on "Create" to create the client.

• Copy the Client ID and Client secret for the newly created OAuth Client.

1. Share the following details with the Fiddler services team:

   • Client ID

   • Client secret

Note: We do not support group sync from Google Workspace.

Deployment instructions

1. Create a <secret-filename>.yaml file using this template:

   Copy

   apiVersion: v1
   kind: Secret
   metadata:
     name: fiddler-sso-google-credentials
     namespace: <NAMESPACE_NAME>
   stringData:
     sso-google-client-id: <CLIENT_ID>
     sso-google-client-secret: <CLIENT_SECRET>
   type: Opaque

   Important:

   📘 Don’t use doubles quotes anywhere in values in above yaml. For example, if the Client ID is “12345“ - the value is 12345 and not “12345”.

2. Apply the Kubernetes secret to your cluster:

   Copy

   kubectl apply -f <secret-filename>.yaml -n fiddler

3. Update your Helm values file with these settings:

   Copy

   fiddler:
     auth:
       sso:
         provider: google
         google:
           secretName: fiddler-sso-google-credentials

Note: The new SSO settings apply once deployments are updated.