@workos/mcp-docs-server 0.1.0

package/.docs/organized/docs/integrations/fourth.mdx

@@ -0,0 +1,66 @@
+---
+title: Fourth
+description: "Learn about syncing your user list with\_Fourth."
+icon: fourth
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/fourth.mdx
+---
+
+## Introduction
+
+This guide outlines how to synchronize your application’s Fourth directories.
+
+To synchronize an organization’s users and groups provisioned for your application, you’ll need the following information from the organization:
+
+- Fourth Organization ID
+- Fourth username and password
+
+> Note: The Fourth integration isn't enabled by default in the WorkOS Dashboard or Admin Portal. Please reach out to [support@workos.com](mailto:support@workos.com) or via your team’s WorkOS Slack channel if you would like Fourth enabled.
+
+---
+
+## (1) Set up your directory sync integration
+
+Sign in into your WorkOS Dashboard and select “Organizations” from the left hand navigation bar.
+
+Select the organization you’ll be configuring a new Directory Sync connection with.
+
+Click “Manually Configure Directory”.
+
+![A screenshot showing where to find "Manually Configure Directory" button for an organization in the WorkOS dashboard.](https://images.workoscdn.com/images/0a0fa511-08ae-4fd9-9cfc-0301b7041b3f.png?auto=format&fit=clip&q=50)
+
+Input the Name, and select "Fourth” as the directory type. Click the “Create Directory” button.
+
+![A screenshot showing "Create Directory" details in the WorkOS dashboard.](https://images.workoscdn.com/images/ba13b740-7cbf-42e5-a511-b0c5a9f384e0.png?auto=format&fit=clip&q=50)
+
+You will now see your Fourth directory sync has been created successfully with an input for the Organization ID, username, and password.
+
+## (2) Obtain and update directory details
+
+Retrieve the Fourth Organization ID from the organization's IT Admin, as well as the username and password that will be used for authentication.
+
+Click “Update Directory” in the WorkOS Dashboard.
+
+![A screenshot showing where to find the "Update Directory" button in the WorkOS dashboard.](https://images.workoscdn.com/images/9c641325-3703-4c17-955e-d6b0fc898996.png?auto=format&fit=clip&q=50)
+
+Enter the Organization ID, the username and the password.
+
+---
+
+## (3) View users and groups in your dashboard
+
+When the connection is successfully made, you will see the green “Linked” icon appear. Now, whenever the organization assigns users or groups to your application, you’ll receive Dashboard updates based on changes in their directory.
+
+Click on the “Users” tab in the Dashboard to view synced users.
+
+![A screenshot showing where to find the "Users" tab in the WorkOS directory.](https://images.workoscdn.com/images/0784ded9-3fcd-45f1-87cc-44bb41e2031c.png?auto=format&fit=clip&q=50)
+
+---
+
+## Frequently asked questions
+
+### How often do Fourth directories perform a sync?
+
+Fourth directories poll every 30 minutes starting from the time of the initial sync.

package/.docs/organized/docs/integrations/github-oauth.mdx

@@ -0,0 +1,85 @@
+---
+title: GitHub OAuth
+description: Learn how to set up OAuth with GitHub.
+icon: github
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/github-oauth.mdx
+---
+
+## Introduction
+
+To configure your global GitHub OAuth setup, you’ll need three pieces of information: a [Redirect URI](/glossary/redirect-uri), a GitHub Client ID, and a GitHub Client Secret.
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the Redirect URI, an allowlisted callback URL. It indicates the location to return an authorized user to after both an authorization code is granted, and the authentication process is complete.
+
+Open your [WorkOS Dashboard](https://dashboard.workos.com) and browse to the _Authentication_ section on the left hand navigation bar. Scroll down to the _GitHub OAuth_ section and click _Edit_.
+
+![A screenshot showing the GitHub OAuth section in the WorkOS Dashboard.](https://images.workoscdn.com/images/c5085d51-1007-4e96-984b-67ce572eb35a.png?auto=format&fit=clip&q=80)
+
+In the modal, you’ll see the Redirect URI as well as the fields you’ll populate later with information from GitHub. This URI will be used as part of the registration process later in the GitHub developer settings page.
+
+![A screenshot showing the GitHub OAuth configuration modal in the WorkOS Dashboard.](https://images.workoscdn.com/images/a5b49e2c-330d-43c4-864d-6929b1a31b1f.png?auto=format&fit=clip&q=80)
+
+---
+
+## Testing with default credentials in the Staging environment
+
+WorkOS provides a default GitHub Client ID/GitHub Client Secret combination, which allows you to quickly enable and test GitHub OAuth. WorkOS will automatically use the default credentials, until you add your own GitHub Client ID and GitHub Client Secret to the Configuration in the WorkOS Dashboard.
+
+> The default credentials are only intended for testing and therefore only available in the Staging environment. For your production environment, please follow the steps below to create and specify your own GitHub Client ID and GitHub Client Secret.
+
+Please note that when you are using WorkOS default credentials, GitHub's authentication flow will display WorkOS' name, logo, and other information to users. Once you register your own application and use its GitHub Client ID and GitHub Client Secret for the OAuth flow, you will have the opportunity to customize the app, including its name, logo, etc.
+
+---
+
+## What you’ll need
+
+In order to integrate you’ll need the GitHub Client ID and the GitHub Client Secret.
+
+These are a pair of credentials provided by GitHub that you’ll use to authenticate your application via the OAuth protocol. To obtain them:
+
+---
+
+### (1) Create the GitHub OAuth Application
+
+Log in to your GitHub account and go to the [_Developer Settings_](https://github.com/settings/developers) page in your GitHub settings dashboard and click on _Register a new application_.
+
+> You can also register a new application under a GitHub Organization, which may be more appropriate if it is maintained by a team of developers. You can also [transfer ownership](https://docs.github.com/en/apps/oauth-apps/maintaining-oauth-apps/transferring-ownership-of-an-oauth-app) of your GitHub OAuth application to a GitHub organization later.
+
+![A screenshot showing the GitHub page to register a new OAuth application.](https://images.workoscdn.com/images/d8991483-a60e-4bc6-985f-2053d8b3c2c9.png?auto=format&fit=clip&q=80)
+
+Start by filling out the form with relevant details about your application, like the application name and description.
+
+For _Authorization callback URL_, use the Redirect URI in the GitHub OAuth configuration modal in the WorkOS Dashboard.
+
+![A screenshot showing the GitHub form to create a new OAuth application.](https://images.workoscdn.com/images/6282967b-eee8-4937-8ec8-a1f25d7ec873.png?auto=format&fit=clip&q=80)
+
+Finally, click on _Register application_.
+
+### (2) Generate client credentials
+
+On the next page, you will see the GitHub _Client ID_ for your new OAuth application.
+
+Click on _Generate a new client secret_ to generate a new GitHub Client Secret. Note that this value is only temporarily available, so make sure to save it before proceeding.
+
+![A screenshot showing OAuth client credentials in the GitHub developer settings](https://images.workoscdn.com/images/ba3c133b-3492-4b5b-b10c-69717ca3e50c.png?auto=format&fit=clip&q=80)
+
+In the next step, you will provide both the GitHub Client ID and Client Secret to the WorkOS dashboard.
+
+### (3) Provide client credentials to WorkOS
+
+Go back to the _Authentication_ section in the WorkOS Dashboard, and click on _Edit_ under _GitHub OAuth_.
+
+Toggle _Enabled_ on and provide the client credentials from GitHub that you generated in the previous step.
+
+Finally, click _Save_.
+
+![A screenshot showing GitHub client credentials entered in the WorkOS dashboard](https://images.workoscdn.com/images/53ed79ff-0000-401f-b1f5-24dca73e6106.png?auto=format&fit=clip&q=80)
+
+You are now ready to start authenticating with GitHub OAuth. Your users will see the option to sign-in with GitHub when visiting your [AuthKit](/user-management) domain. Or, you can initiate sign-in with GitHub through the [standalone SSO API](reference/sso/get-authorization-url) by passing `GitHubOAuth` as the `provider`.

package/.docs/organized/docs/integrations/gitlab-oauth.mdx

@@ -0,0 +1,81 @@
+---
+title: GitLab OAuth
+description: Learn how to set up OAuth with GitLab.
+icon: gitlab
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/gitlab-oauth.mdx
+---
+
+## Introduction
+
+To configure your global GitLab OAuth setup, you’ll need three pieces of information: a [Redirect URI](/glossary/redirect-uri), a GitLab Client ID, and a GitLab Client Secret.
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the Redirect URI, an allowlisted callback URL. It indicates the location to return an authorized user to after both an authorization code is granted, and the authentication process is complete.
+
+Open your [WorkOS Dashboard](https://dashboard.workos.com) and browse to the _Authentication_ section on the left hand navigation bar. Scroll down to the _GitLab OAuth_ section and click _Enable_.
+
+![A screenshot showing the GitLab OAuth section in the WorkOS Dashboard.](https://images.workoscdn.com/images/7aff1321-8587-4d8e-a574-aef1fc5236c0.png?auto=format&fit=clip&q=80)
+
+In the modal, you’ll see the Redirect URI as well as the fields you’ll populate later with information from GitLab. This URI will be used as part of the registration process later in the GitLab developer settings page.
+
+![A screenshot showing the GitLab OAuth configuration modal in the WorkOS Dashboard.](https://images.workoscdn.com/images/b90f07a6-9db5-4c19-9597-edbae8d01acc.png?auto=format&fit=clip&q=80)
+
+---
+
+## What you’ll need
+
+In order to integrate you’ll need the GitLab Client ID and the GitLab Client Secret.
+
+These are a pair of credentials provided by GitLab that you’ll use to authenticate your application via the OAuth protocol. To obtain them:
+
+---
+
+### (1) Create the GitLab OAuth Application
+
+Log in to your [GitLab account](https://gitlab.com) and create a new application.
+
+On the left sidebar, select your avatar. Select _Edit profile_.
+
+On the left sidebar, select _Applications_. Select _Add new application_.
+
+> You can also register a new application under a group, which may be more appropriate if it is maintained by a team of developers, or instance-wide if you have a dedicated GitLab instance. For more on this see the [GitLab docs](https://docs.gitlab.com/integration/oauth_provider/).
+
+![A screenshot showing the GitLab page to register a new OAuth application.](https://images.workoscdn.com/images/ad782ab8-74ad-4787-91fe-685e0f466509.png?auto=format&fit=clip&q=80)
+
+Fill out the form with relevant details about your application, like the application name.
+
+For _Redirect URI_, use the Redirect URI from the GitLab OAuth configuration modal in the WorkOS Dashboard.
+
+![A screenshot showing the GitLab form to create a new OAuth application.](https://images.workoscdn.com/images/7c86fdf4-c635-46c5-977c-965b85a322fd.png?auto=format&fit=clip&q=80)
+
+The _Confidential_ flag is enabled by default. It should be exclusively used by a trusted backend server that can securely store the client secret. For native-mobile, single-page, or other JavaScript applications, disable this flag.
+
+Select the scopes for this app and click on _Save application_.
+
+### (2) Generate client credentials
+
+On the next page, you will see the GitLab _Application ID_ and _Secret_ for your new OAuth application.
+
+![A screenshot showing OAuth client credentials in the GitLab application settings](https://images.workoscdn.com/images/b7ce3a64-673a-476f-8a3c-cf63c76bf88e.png?auto=format&fit=clip&q=80)
+
+Copy the _Application ID_ and _Secret_ and click _Continue_.
+
+In the next step, you will provide both the GitLab Application ID and Secret to the WorkOS dashboard.
+
+### (3) Provide client credentials to WorkOS
+
+Go back to the _Authentication_ section in the WorkOS Dashboard, and click on _Edit_ under _GitLab OAuth_.
+
+Toggle _Enabled_ on and provide the client credentials from GitLab that you generated in the previous step.
+
+Finally, click _Save_.
+
+![A screenshot where to enter GitLab client credentials in the WorkOS dashboard](https://images.workoscdn.com/images/6e9b410d-33bf-485f-b1c4-6a16fbeaa946.png?auto=format&fit=clip&q=80)
+
+You are now ready to start authenticating with GitLab OAuth. Your users will see the option to sign-in with GitLab when visiting your [AuthKit](/user-management) domain.

package/.docs/organized/docs/integrations/google-directory-sync.mdx

@@ -0,0 +1,86 @@
+---
+title: Google Directory Sync
+description: "Learn about syncing your user list with\_Google\_Workspace."
+icon: google
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/google-directory-sync.mdx
+---
+
+## Introduction
+
+This guide outlines how to synchronize your application’s Google Workspace directories.
+
+---
+
+## (1) Select environment
+
+Login to your WorkOS dashboard and ensure you have the desired environment selected.
+
+![Select the desired WorkOS environment from the navigation.](https://images.workoscdn.com/images/8f30c9d7-8569-4cb2-8fbe-1d8fc46be717.png?auto=format&fit=clip&q=50)
+
+## (2) Send an admin invite link
+
+Select “Organizations” in the navigation.
+
+Select the organization that'd like to enable a Google Directory Sync connection.
+
+On the Organization page, under “Invite an admin to set up this organization,” select “Invite Admin.”
+
+![Select “Invite Admin” from the organization page.](https://images.workoscdn.com/images/f879b479-24e6-4c86-acb8-8abb05f2a2ff.png?auto=format&fit=clip&q=50)
+
+Select “Directory Sync” and any other features you'd like the organization to be able to onboard.
+
+![Select “Directory Sync” and any other features you'd like the organization to be able to onboard.](https://images.workoscdn.com/images/2ff61c68-3709-4b35-ac0d-f2b5b6333d9b.png?auto=format&fit=clip&q=50)
+
+Enter the email address of the organization admin, or copy the setup link and send it to the organization admin.
+
+![Enter the email address of the organization admin, or copy the setup link.](https://images.workoscdn.com/images/a3414089-79a1-4137-8687-3e803a6f364a.png?auto=format&fit=clip&q=50)
+
+---
+
+## (3) Authenticate with admin credentials
+
+Have the organization choose Google as a provider and follow the Google prompts to authenticate with admin credentials.
+
+![A screenshot showing the requested permissions in the Google modal.](https://images.workoscdn.com/images/1809508c-e153-47f7-a9b7-5b243ff95c7c.png?auto=format&fit=clip&q=50)
+
+---
+
+## (4) Select which groups to sync to Your Application
+
+The organization admin can then select to filter which groups and memberships are synced to the directory. If groups are being filtered, then only users with a membership within one of the synced groups will be synced.
+
+![A screenshot showing the setup screen with how to filter groups to sync.](https://images.workoscdn.com/images/43942f32-e228-4745-89a6-fa6ff3e6f4dc.png?auto=format&fit=clip&q=50)
+
+---
+
+## (5) Sync users and groups to Your Application
+
+Changes will appear live in the Directory Sync portal under the "Users" tab:
+
+![A screenshot showing users in the "Users" tab of the WorkOS Dashboard.](https://images.workoscdn.com/images/268ff490-71bd-4aa4-9f7d-c01f3548b198.png?auto=format&fit=clip&q=50)
+
+A detailed guide to integrate the WorkOS API with your application can be found [here](/directory-sync)
+
+## Frequently asked questions
+
+### Can you selectively sync users and groups from Google Workspace?
+
+Yes, you can select to sync certain groups during setup within the Admin Portal as seen in [Step 4](/integrations/google-directory-sync/4-select-which-groups-to-sync-to-your-application).
+
+### When do users get removed from a directory?
+
+There are 2 ways a user can be deleted from a Google Workspace directory.
+
+1. The user is removed or archived on Google and no longer returned by their API.
+2. When the directory is [filtering specific groups](/integrations/google-directory-sync/4-select-which-groups-to-sync-to-your-application), if a user is removed from all groups that are being filtered in, the user is removed from the directory as well.
+
+### How often do Google Workspace directories perform a sync?
+
+Google Workspace directories are synced approximately every 30 minutes starting from the time of the initial sync
+
+### Does Google Directory Sync support nested groups?
+
+Yes, nested groups (groups within groups) are supported in Google Directory Sync. This feature is currently available in a restricted preview. Contact [WorkOS support](mailto:support@workos.com) for additional details.

package/.docs/organized/docs/integrations/google-oauth.mdx

@@ -0,0 +1,173 @@
+---
+title: Google OAuth
+description: "Learn how to set up OAuth with Google\_Workspace."
+icon: google
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/google-oauth.mdx
+---
+
+## Introduction
+
+To configure your global Google OAuth setup, you’ll need three pieces of information: a [Redirect URI](/glossary/redirect-uri), a Google Client ID, and a Google Client Secret.
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the Redirect URI, an allowlisted callback URL. It indicates the location to return an authorized user to after both an authorization code is granted, and the authentication process is complete.
+
+Open your [WorkOS Dashboard](https://dashboard.workos.com) and browse to the “Configuration” tab on the left hand nav bar. Scroll down to the “Google OAuth” section and you’ll see the Redirect URI as well as the fields you’ll populate later with information from Google.
+
+![A screenshot showing the Google OAuth Redirect URI in the WorkOS Dashboard.](https://images.workoscdn.com/images/9fe79e6c-90eb-4db1-890c-bf563d7d55c2.png?auto=format&fit=clip&q=50)
+
+---
+
+## Testing with default credentials in the Staging environment
+
+WorkOS provides a default Google Client ID/Google Client Secret combination, which allows you to quickly enable and test Google OAuth. Use the [WorkOS API to initiate SSO](/sso/1-add-sso-to-your-app/add-an-endpoint-to-initiate-sso), setting the `provider` parameter to `GoogleOAuth`, and WorkOS will automatically use the default credentials, until you add your own Google Client ID and Google Client Secret to the Configuration in the WorkOS Dashboard.
+
+> The default credentials are only intended for testing and therefore only available in the Staging environment. For your production environment, please follow the steps below to create and specify your own Google Client ID and Google Client Secret.
+
+Please note that when you are using WorkOS default credentials, Google's authentication flow will display WorkOS' name, logo, and other information to users. Once you register your own application and use its Google Client ID and Google Client Secret for the OAuth flow, you will have the opportunity to customize the app, including its name, logo, contact email, etc.
+
+---
+
+## What you’ll need
+
+In order to integrate you’ll need the Google Client ID and the Google Client Secret.
+
+These are a pair of credentials provided by Google that you’ll use to authenticate your application via Google’s OAuth protocol. To obtain them:
+
+---
+
+### (1) Log in
+
+Log in to the [Google Cloud Platform Console Dashboard](https://console.cloud.google.com/). Select your application’s project from the project selection dropdown menu in the navigation bar.
+
+![A screenshot showing how to select your application in the Google Cloud Platform Console Dashboard.](https://images.workoscdn.com/images/437771ef-5993-4d40-b9e5-1b083564a09f.png?auto=format&fit=clip&q=50)
+
+---
+
+### (2) Select your application
+
+Select “APIs & Services”, then “OAuth Consent Screen” in the left-hand navigation menu.
+
+![A screenshot showing where to find the "OAuth Consent Screen" option in the Google Cloud Platform Console Dashboard.](https://images.workoscdn.com/images/73f1dda5-aab0-45f0-b466-0659929e50e1.png?auto=format&fit=clip&q=50)
+
+Select “Edit App”.
+
+![A screenshot showing where "Edit App" is located in the Google Cloud Platform Console Dashboard.](https://images.workoscdn.com/images/4c3ab3ab-06dd-42c6-9f57-ab7ca2de5ae6.png?auto=format&fit=clip&q=50)
+
+Add `workos.com` to your list of “Authorized domains”, and select “Save”.
+
+![A screenshot showing where to enter workos.com as an "Authorized domain" in the Google Cloud Platform Console Dashboard.](https://images.workoscdn.com/images/a07ffb8b-66fb-42e5-bd35-3587e07f6f04.png?auto=format&fit=clip&q=50)
+
+---
+
+### (3) Enter Setup Instructions
+
+Select “Credentials” in the left-hand menu. Then select “OAuth client ID” from the “Create Credentials” dropdown menu.
+
+![A screenshot showing where to find the "OAuth client ID" option in the Google Cloud Platform Console Dashboard.](https://images.workoscdn.com/images/162e9d0f-c681-43b0-89ad-a9f8a8590119.png?auto=format&fit=clip&q=50)
+
+Then, give your OAuth client ID a name, and add the Redirect URI provided by WorkOS to the list of “Authorized redirect URIs”.
+
+> As a best practice, your OAuth client ID’s name should be different from your application’s name. It will not be shown to end users.
+
+![A screenshot showing where to enter your WorkOS Redirect URI in the Google Cloud Platform Console Dashboard.](https://images.workoscdn.com/images/2c5d171b-affe-419a-9bb1-0ca30bb36df0.png?auto=format&fit=clip&q=50)
+
+Click “Create” and you’ll be presented with your application’s Client ID and Client Secret.
+
+![A screenshot showing the Client ID and Client Secret in the Google Cloud Platform Console Dashboard.](https://images.workoscdn.com/images/5e2962f0-f73a-4319-8bfd-e7685bcff67e.png?auto=format&fit=clip&q=50)
+
+---
+
+### (4) Obtain Identity Provider Details
+
+Add your Google Client ID and Google Client Secret to their respective fields in your Google Settings in the Configuration section of the WorkOS Dashboard.
+
+![A screenshot showing where to enter the Google Client ID and Google Client Secret in the WorkOS Dashboard.](https://images.workoscdn.com/images/d394c1b7-5ead-49bc-977f-5459b73c613a.png?auto=format&fit=clip&q=50)
+
+Select “Save Google OAuth” and you’ll almost be ready to go.
+
+---
+
+### (5) Publish your Google OAuth application
+
+Back in the “OAuth consent screen”, be sure that your app is “In production”. If it is still in testing mode you’ll likely get an “Access Blocked” error when attempting to log into your app.
+
+![A screenshot showing the publishing status of your Google OAuth application](https://images.workoscdn.com/images/6eecff2b-92a0-42f1-bf54-4d8ce8ae6f3a.png?auto=format&fit=clip&q=50)
+
+After that, you’re now able to authenticate users with Google OAuth. You will use the `provider` query parameter in the Get Authorization URL API endpoint to support global Google OAuth for any domain. The `provider` query parameter should be set to `GoogleOAuth`.
+
+---
+
+## Customize Google OAuth Domain
+
+Optional process that requires access to your Google Cloud Console and your domain’s DNS settings.
+
+After implementing the steps above, you’ll notice that the Google OAuth sign in form displays “Choose an account to continue to workos.com”. This is based on the Authorized Redirect URI in Google. To set this to a domain other than workos.com, Google will ask for proof of ownership of your domain. To help guide you through this process we have a self-service flow.
+
+---
+
+### (1) Add Your Custom Google OAuth Domain
+
+In the Configuration tab of the WorkOS Dashboard, find the Google OAuth section and click on “Setup Custom Domain”.
+
+> Note: This button will only appear if your environment has a valid Google OAuth configuration and has not already setup a custom domain.
+
+![A screenshot showing where to find the "Set Up Custom Domain" button in the WorkOS Dashboard. ](https://images.workoscdn.com/images/589f78f2-96d8-4330-b3a1-42796d7b4441.png?auto=format&fit=clip&q=50)
+
+Under “Add Custom Domain”, input the domain that you wish to use in place of `auth.workos.com`. This is often a subdomain such as `auth.example.com`. Click on “Set Domain”.
+
+![A screenshot showing where to add a custom domain in the WorkOS Dashboard.](https://images.workoscdn.com/images/0d4419da-778f-4f26-8c01-f66ce9c9cd33.png?auto=format&fit=clip&q=50)
+
+---
+
+### (2) Add CNAME Target
+
+Add a new CNAME target inside your domain’s DNS settings. Set the host to match the domain you set in the previous step and set the value to `cname.workosdns.com`.
+
+Once the above is complete, click on “Verify DNS”. This verification often takes less than a minute, but is dependent on how long your DNS record takes to propagate. The page will continue polling to check the status of your verification until it is successful.
+
+![A screenshot showing the CNAME target of cname.workosdns.com in the WorkOS Dashboard.](https://images.workoscdn.com/images/92bb6e81-aaa2-46e2-9a11-73291d7e5e4f.png?auto=format&fit=clip&q=50)
+
+---
+
+### (3) Add New Redirect URI to Google
+
+Once the DNS has been successfully verified, we will provide a URI starting with your subdomain in the “Add redirect URI to Google” section. Click on the clipboard icon to copy the URL.
+
+![A screenshot showing the clipboard icon in the WorkOS Dashboard.](https://images.workoscdn.com/images/0f9d922e-6b29-4f9f-b30a-ebceafcc785b.png?auto=format&fit=clip&q=50)
+
+In your Google Cloud Platform dashboard under your project’s “APIs & Services” → “Credentials” section, add the URL copied above under “Authorized redirect URIs”. To ensure your Google OAuth integration continues to work without any gaps in service, leave your existing Redirect URI in place for now.
+
+![A screenshot showing where to enter the redirect URI in the Google Cloud Platform Console.](https://images.workoscdn.com/images/119c14f3-0ad7-4137-af15-d33dbb891bcb.png?auto=format&fit=clip&q=50)
+
+---
+
+### (4) Test Google Redirect URI
+
+Once the URL has been added and saved on the Google side, navigate back to the WorkOS Dashboard and click on “Test Google Redirect URI”.
+
+![A screenshot showing the "Test Google Redirect URI" button in the WorkOS Dashboard.](https://images.workoscdn.com/images/55e89618-c999-4d12-877b-aba1d150d865.png?auto=format&fit=clip&q=50)
+
+If the test is successful, you will see a “Successfully tested” message displayed. You will also now be able to click “Save custom Google OAuth settings” to save your new Google OAuth configuration.
+
+![A screenshot showing the "Save custom Google OAuth settings" button in the WorkOS Dashboard.](https://images.workoscdn.com/images/0bffba7d-efc9-41ee-abba-a405cb71f548.png?auto=format&fit=clip&q=50)
+
+Once these updates have been saved, test out your Google OAuth sign in flow to ensure everything is working properly and your domain is displayed on the form. If everything is looking good, it is safe to remove the old `auth.workos.com` URL from your Google Authorized redirect URIs, and `workos.com` from your Google Authorized domains.
+
+---
+
+## Frequently asked questions
+
+### How is the WorkOS Google OAuth integration different from implementing regular Google OAuth flow?
+
+It’s the same Google OAuth flow as you could build yourself, but it’s encapsulated within WorkOS SSO. This means you don’t need to build it yourself. In addition to Google OAuth, you can use WorkOS SSO to support other identity providers, all with a single integration.
+
+### What is the provider query parameter and how is it used in the Google OAuth integration?
+
+You can use the `provider` query parameter in the [Get Authorization URL API endpoint](/reference/sso/get-authorization-url) to support global Google OAuth for any domain. The `provider` query parameter should be set to `GoogleOAuth`.

package/.docs/organized/docs/integrations/google-saml.mdx

@@ -0,0 +1,135 @@
+---
+title: Google SAML
+description: "Learn how to configure a connection to\_Google Workspace via SAML."
+icon: google
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/google-saml.mdx
+---
+
+## Introduction
+
+Each SSO Identity Provider requires specific information to create and configure a new [connection](/glossary/connection). Often, the information required to create a connection will differ by Identity Provider.
+
+To create a Google SAML connection, you’ll need three pieces of information: an [ACS URL](/glossary/acs-url), a [SP Entity ID](/glossary/sp-entity-id), and an [IdP Metadata URL](/glossary/idp-metadata).
+
+Start by logging into your [WorkOS Dashboard](https://dashboard.workos.com/) and selecting “Organizations” from the left hand navigation bar.
+
+Click on the organization you’d like to configure a Google SAML connection for and select “Manually Configure Connection”.
+
+![A screenshot showing where to find “Manually Configure Connection” for an Organization in the WorkOS Dashboard.](https://images.workoscdn.com/images/26e7f2ca-7d61-4f02-9a67-f3bfbc254ba3.png?auto=format&fit=clip&q=50)
+
+Select “Google SAML” from the Identity Provider dropdown, enter a descriptive name for the connection, and then select the “Create Connection” button.
+
+![A screenshot showing how to create a connection in the WorkOS Dashboard.](https://images.workoscdn.com/images/7f2f8f2b-22d1-443c-a692-5eb7fa506042.png?auto=format&fit=clip&q=50)
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the ACS URL and the SP Entity ID. It’s readily available in your Connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+![A screenshot showing where to find the ACS URL and SP Entity ID in the WorkOS Dashboard.](https://images.workoscdn.com/images/1d07cb61-b23a-4894-ab9b-fd97d5bc6d6b.png?auto=format&fit=clip&q=50)
+
+The ACS URL is the location an Identity Provider redirects its authentication response to. In Google’s case, it needs to be set by the organization when configuring your application in their Google admin dashboard.
+
+The SP Entity ID is a URI used to identify the issuer of a SAML request, response, or assertion. In this case, the entity ID is used to communicate that WorkOS will be the party performing SAML requests to the organization's Google instance.
+
+Specifically, the ACS URL will need to be set as the “ACS URL” and the SP Entity ID will need to be set as the “Entity ID” in the “Service Provider Details” step of the Google SAML setup.
+
+---
+
+## What you’ll need
+
+In order to integrate you’ll need the metadata XML file from Google.
+
+Normally, this information will come from the organization's IT Management team when they set up your application’s SAML 2.0 configuration in their Google admin dashboard. But, should that not be the case during your setup, here’s how to obtain it.
+
+---
+
+## (1) Log in
+
+Log in to the Google Admin dashboard, select “Apps” from the sidebar menu, and then select “Web and Mobile Apps” from the following list. If your application is already created, select it from the list of applications and move to Step 7. If you haven’t created a SAML application, select “Add App” and then “Add custom SAML app”.
+
+![A screenshot showing where to find "Add custom SAML app" in the Google Dashboard.](https://images.workoscdn.com/images/1a0abd99-4e2c-403f-89b9-a3fd11d6fb9a.png?auto=format&fit=clip&q=50)
+
+---
+
+## (2) Enter Your App’s Information
+
+Give the app a descriptive name and upload an icon, if applicable. Click “Continue”.
+
+![A screenshot showing where to add app name in the Google Dashboard.](https://images.workoscdn.com/images/89ae0c9e-becf-4076-8178-7d4535eac778.png?auto=format&fit=clip&q=50)
+
+---
+
+## (3) Obtain Identity Provider Details
+
+Select the “Download Metadata” button to download the metadata file. Save this file, as you’ll upload it to the WorkOS Dashboard in Step 7. Click “Continue”.
+
+![A screenshot showing where to find "Download Metadata" in the Google Dashboard.](https://images.workoscdn.com/images/92b16c09-8b06-4b8b-b4a0-2f441fd3d878.png?auto=format&fit=clip&q=50)
+
+---
+
+## (4) Enter Service Provider Details
+
+Copy and the “ACS URL” from your WorkOS Dashboard and paste it into the “ACS URL” field, and copy the “SP Entity ID” from your WorkOS Dashboard and paste it into the “Entity ID” field in the Google SAML “Service provider details” modal. Select “Continue.”
+
+![A screenshot showing where to enter "Entity ID" and "ACS URL" in the Google Dashboard.](https://images.workoscdn.com/images/946113dc-812e-446d-b466-32eec2b27629.png?auto=format&fit=clip&q=50)
+
+---
+
+## (5) Configure Attribute Mapping
+
+Provide the following Attribute Mappings and select “Finish”.
+
+Google SAML does not provide the option to map a user’s id attribute claim.
+
+![A screenshot showing completed Attribute Mappings in the Google Dashboard.](https://images.workoscdn.com/images/dcf0968a-346c-4a58-bd76-8e0a87d92d66.png?auto=format&fit=clip&q=50)
+
+### Role Assignment (optional)
+
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, follow the guidance below.
+
+Scroll down to the "Group membership" section. Add any groups you'd like to send under "Google groups", and set the "App attribute" to "groups". Then, select "Finish".
+
+![A screenshot showing how to add a group attribute in the Google dashboard.](https://images.workoscdn.com/images/b7a6e5f7-aaf1-4756-9fc9-04f70f1c8a67.png?auto=format&fit=clip&q=50)
+
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+
+---
+
+## (6) Configure User Access
+
+In the created SAML app’s landing page, select the “User Access Section”.
+
+![A screenshot showing where to find the "User Access Section" in the Google Dashboard.](https://images.workoscdn.com/images/57080072-5a42-4463-897b-2382c643082a.png?auto=format&fit=clip&q=50)
+
+Turn this service ON for the correct organizational units in your Google Directory setup. Save any changes.
+
+Google may take up to 24 hours to propagate these changes. The connection in WorkOS will be inactive until then.
+
+---
+
+## (7) Upload Metadata File
+
+If you haven’t already downloaded the metadata file, select your SAML application, and click “Download Metadata”. In the modal, again click “Download Metadata”.
+
+![A screenshot showing where to find "Download Metadata" in the Google Dashboard.](https://images.workoscdn.com/images/7e1a8f1f-fb44-435d-961a-d71eff48d207.png?auto=format&fit=clip&q=50)
+
+In the connection Settings of the WorkOS Dashboard, click “Edit Metadata Configuration”.
+
+![A screenshot showing the “Edit Metadata Configuration” button in the WorkOS Dashboard.](https://images.workoscdn.com/images/afe34aca-df4f-4005-b71e-bf528916a491.png?auto=format&fit=clip&q=50)
+
+In the modal, upload the Google Metadata file and then select “Save Metadata Configuration”. Once the file is uploaded into WorkOS, your connection will then be linked and good to go!
+
+![A screenshot showing a linked Google SAML connection in the WorkOS Dashboard.](https://images.workoscdn.com/images/9c497a05-f823-4c51-ab54-e5b6feed53fa.png?auto=format&fit=clip&q=50)
+
+---
+
+## Frequently asked questions
+
+### Where is the Relay State in Google SAML?
+
+Within the Google SAML setup, there will be a field called “Start URL” which is referred to as the Relay State.