Skip to main content

Google Single Sign-on


This feature is available only on the enterprise edition for ToolJet

Goto Google cloud console and create a project.

ToolJet - Google create project

Goto Google cloud console credentials page, and create an OAuth client ID

ToolJet - Google create client id

You'll be asked to select user type in consent screen. To allow only users within your organization, select 'Internal', otherwise, select 'External'.

ToolJet - OAuth user type

You'll be led to an app registration page where you can set OAuth scopes. Select 'Add or remove scopes' and add the scopes and userinfo.profile as shown in the image. This will allow ToolJet to store the email and name of the user who is signing in

ToolJet - OAuth scope

Set the domain on which ToolJet is hosted as an authorized domain

ToolJet - Google authorized domain

Lastly, supply the environment variable SSO_GOOGLE_OAUTH2_CLIENT_ID to your deployment. This value will be available from your Google cloud console credentials page


Restrict to your domain#

Set the environment variable RESTRICTED_DOMAIN to ensure that ToolJet verifies the domain of the user who signs in via SSO, on the server side. If you're setting this environment variable, please make sure that the value does not contain any protocols, sub domains or slashes. It should simply be


Restrict signup via SSO#

Set the environment variable SSO_DISABLE_SIGNUP to true to ensure that users can only log in and not sign up via SSO. If this variable is set to true, only those users who have already signed up, or the ones that are invited, can access ToolJet via SSO.

The Google sign-in button will now be available in your ToolJet login screen.