OpenID Connect profile to use NetScaler Gateway as the IdP
You must create an OIDC profile on the Google Admin console for using NetScaler Gateway as an IdP.

Create a Google OIDC SSO profile
Perform the following steps in the Google Admin console.
- Go to Security > Authentication > SSO with third party IdP and then select Add OIDC Profile.
- Enter a name for the profile.
- Enter the OIDC details.
  - Client ID: Use a random client ID (usually a 22-character numeric string).
  - Client Secret: Generate a random string of a minimum of 32 characters. The string must include alphanumeric and special characters.
    Some special characters such as, - #, @, !, ^, &, %, are not allowed in the Client Secret field when configuring the OAuth IdP profile on NetScaler. Therefore, do not use these special characters in the Client Secret field here.
    Note:
    You must manually generate the client ID and client secret in NetScaler Gateway.
  - Issuer URL: Set this field to https://<SPAGatewayFQDN>/oauth/idp/<OAuthIdpProfileName>, where SPAGatewayFQDN is the FQDN corresponding to the Secure Private Access Gateway URL and OAuthIdpProfileName is the name of the OAuth IdP profile, which is created on the NetScaler Gateway.
    Note:
    Do not use spaces in the IdP profile name.
  - Change password URL: Leave it blank (not needed at this point).
- Click Save.

Important:
Note down the Client ID, Client secret, and the Redirect URL. These values are required while configuring the OAuth IdP profile on NetScaler Gateway.
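
The client ID, client secret and issuer URL rules above can be applied with a small helper. This is an added example, not part of the original page or of any Citrix or Google tooling; the function names, the set of special characters it uses, and the sample FQDN and profile name are assumptions.

```python
import secrets
import string

# Characters the page lists as rejected by the NetScaler OAuth IdP profile;
# "-" is excluded too as a precaution (assumption, the page is ambiguous).
FORBIDDEN = set("#@!^&%-")
# Assumption: a conservative set of special characters. The page does not say
# which specials are accepted, so confirm these on your NetScaler build.
SPECIALS = "_.+="
ALPHABET = string.ascii_letters + string.digits + SPECIALS
assert not FORBIDDEN & set(ALPHABET)


def new_client_id(length=22):
    """Random numeric client ID (the page describes a 22-character numeric string)."""
    return "".join(secrets.choice(string.digits) for _ in range(length))


def new_client_secret(length=40):
    """Random secret of at least 32 chars with letters, digits and specials."""
    if length < 32:
        raise ValueError("client secret must be at least 32 characters")
    while True:
        s = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw until every required character class is present.
        if (any(c.isalpha() for c in s) and any(c.isdigit() for c in s)
                and any(c in SPECIALS for c in s)):
            return s


def issuer_url(gateway_fqdn, profile_name):
    """Build https://<SPAGatewayFQDN>/oauth/idp/<OAuthIdpProfileName>."""
    if not profile_name or any(c.isspace() for c in profile_name):
        raise ValueError("OAuth IdP profile name must not contain spaces")
    if not gateway_fqdn or "/" in gateway_fqdn or any(c.isspace() for c in gateway_fqdn):
        raise ValueError("expected a bare FQDN, without scheme or path")
    return f"https://{gateway_fqdn}/oauth/idp/{profile_name}"


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print("Client ID:    ", new_client_id())
    print("Client Secret:", new_client_secret())
    print("Issuer URL:   ", issuer_url("spa.example.com", "google_oidc_idp"))
```

The values are drawn from the operating system's CSPRNG through the `secrets` module; paste the same client ID, client secret and issuer URL into both the Google Admin console and the NetScaler OAuth IdP profile.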
Bind the OIDC Profile (To either an OU or group)
To complete the OIDC profile configuration, you must bind it to specific organizational units (OUs) or groups in your Google Workspace. This binding determines which users can authenticate using this OIDC profile with NetScaler Gateway as the IdP.
- Navigate to Security > Authentication > SSO with 3rd Party IDPs.
- In Manage SSO profile assignments, click Manage.
- From the left navigation pane, select the root organizational unit (OU) and your SSO profile to enable SSO for all users of your organization. Alternatively, you can assign the SSO profile to specific groups or OUs.
- Select the SSO profile that you created and click Save.

Configure NetScaler as an OAuth IdP
See NetScaler as an OAuth IdP for configuring NetScaler as an OAuth IdP.
Note:
- The Audience field value in the OAuth IdP profile must be the same as the client ID value.
- The Issuer URL must match the one configured in the Google Admin console.
- The Client ID, Client Secret and Redirect URL values must be taken from the Google Admin console.