
Google Single Sign On Setup

How SSO protects your Edlio CMS dashboard by eliminating standalone passwords and centralizing login through your district's Google identity provider

What is Google single sign-on (Google SSO)?

Google SSO allows organizations that use Google Workspace (formerly G Suite or Google Apps) for their email to log into the Edlio CMS using those same accounts.

Why use Google SSO?

Simplicity and Security. Reducing the number of passwords each user has, and the number of places where each user is managed, simplifies administration. Google's account security is quite good. Their two-factor authentication, password reset flows, and intrusion detection systems are impressive.

How SSO strengthens your CMS security

Single sign-on doesn't just make logging in easier — it adds meaningful security layers to your Edlio dashboard. Here's what changes when your district enables Google SSO:

Your identity provider handles authentication, not Edlio. When SSO is active, Edlio never stores or manages user passwords. Authentication happens entirely through Google or Microsoft, which means your users benefit from the enterprise-grade protections those platforms already provide — including two-factor authentication, suspicious-login detection, and automated password reset flows.


Fewer passwords means fewer vulnerabilities. Every standalone password is a potential point of failure. SSO eliminates the need for a separate Edlio-specific password, so there's one less credential that can be forgotten, reused across sites, or compromised in a breach.


User access stays in sync with your directory. Because SSO ties CMS sign-in to your existing Google Workspace or Microsoft Entra ID accounts, user access follows your directory management. When a staff member leaves and their account is deactivated, their CMS access ends automatically — no separate cleanup in Edlio required.


You can restrict sign-in to a specific Organizational Unit. Districts that share a single directory across staff and students can lock CMS access down to a designated staff OU, preventing students or other directory users from reaching the editing tools. See Restrict CMS Sign-In to an Organizational Unit for setup details.


Your IT team keeps centralized control. Password policies, session rules, MFA requirements, and account deactivation are all managed in one place — your Google or Microsoft admin console — rather than split across multiple platforms.

Initial Google SSO Setup

For sites that need initial Google SSO setup, you'll need to create credentials in the Google API Console and provide them to configure your authentication settings.

Google SSO uses OAuth 2.0. You'll need to go to the Google API Console to set up a project with the appropriate APIs enabled and create credentials.

Before you begin: Contact Edlio Support to request that Google SSO authentication be enabled for your site and to obtain the JavaScript origins and redirect URIs you will need to enter when creating the Client ID in Step 4.

Detailed instructions are below:

  1. Access the Google API Console (Google Developers Console)

  2. Create a new project

  3. Enable the APIs

  4. Create credentials

  5. Configure your site's Google SSO settings

Google updates its interfaces frequently and we do our best to keep the screenshots here up-to-date. Google also personalizes your experience based on your account access and settings. Please understand that the screens here may not perfectly match what you see in Google.

Access the Google API Console (Google Developers Console)

  1. Log into your Google account.

  2. Select your organization from the menu in the top-left corner


  3. In the popup window choose "New Project"


Create a new project

  1. In the dialog box that appears enter a name for the project.

  2. Google will suggest a project ID based on the project name, but you may edit it if you wish.

  3. Click the "Create" button.


Enable the APIs

Enable Google+ API

The Google+ API is required because it supplies the information we use for the user's profile. The name is somewhat misleading: the Google+ API is not specific to the now-defunct Google+ social network, but provides basic data about all Google users.

The Google+ API can be activated even if your organization does not use Google+. Enabling the Google+ API will not turn on the Google+ social network.

  1. Click "Enable APIs and Services" on the Dashboard

  2. Search for Google+ API

  3. Choose "Google+ API" from the search results.

  4. Now click the "Enable" button

Enable API for Admin SDK

The Admin SDK provides access to the Directory API, which in turn provides access to the Organizational Unit and Groups information.

As you did for the Google+ API, search for the Admin SDK in the Library and then enable it.

Create credentials

Set up the consent screen

Before you can create your credentials, you will be required to configure a consent screen. Users will see the consent screen the first time they log into your website's admin area using their Google account. It's how Google gains their permission to share their account information with you for the purposes of logging them into your website.

  1. From the left side menu, select OAuth consent screen. Click Get Started.


The configuration of the consent screen will look similar to this:

[Screenshot: consent screen start]

  1. Give the app a name. It can be the same as the Project Name.

  2. Select your support email. Click Next.
    This email address will be shown to users on the consent screen. You can use your email address or a Google Group email address that you manage.

  3. Select "Internal" for the application type. Click Next.

  4. Enter a contact email. It can be the same email as the support email. Click Next.

  5. Agree to the Google API Services: User Data Policy. Click Continue.

  6. Click Create

  7. On the side menu, click Branding

  8. In the Authorized Domains box, add "edlioadmin.com"

Add Scopes

  1. On the OAuth Overview screen, click Data Access, then click Add or Remove Scopes.


You will want to select the following scopes:

  • /auth/userinfo.email

  • /auth/userinfo.profile

  • openid

  • Admin SDK API: /auth/admin.directory.user.readonly

Remember to scroll to the bottom of the modal to click Update.

Create Client ID

  1. On the OAuth Overview screen, click Create OAuth Client or click Clients on the left side menu then Create client.


  2. Select Web Application under Application Type.

  3. Give the client a name. It can be the same as the Project Name.

  4. Enter the JavaScript origins provided by Edlio Technical Support. There will be one URI and one redirect URI per site.

  5. Click Create


The authorized redirect URL can be found under Security > User Authentication > "Callback URL" in the Edlio CMS Settings.


Save credentials

A pop-up should appear with the Client ID and Client Secret. Either copy these or download the JSON file.

These credentials are what you'll need to configure Google SSO for your website.
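If you downloaded the JSON file, it can be checked against the values Edlio Support gave you before you enter anything in the CMS. The following is an added example, not Edlio or Google code; the sample file is constructed, and its host name, project name and secret are placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout of the JSON file Google offers for download
# for a "Web application" client; every value below is a placeholder.
SAMPLE_CLIENT_JSON = json.dumps({
    "web": {
        "client_id": "000000000000-placeholder.apps.googleusercontent.com",
        "project_id": "example-sso-project",
        "client_secret": "PLACEHOLDER-SECRET",
        "redirect_uris": ["https://cms.example.invalid/callback"],
        "javascript_origins": ["https://cms.example.invalid"],
    }
})


def audit_client_file(raw, expected_origin, expected_redirect):
    """Return a list of problems found in a downloaded OAuth client file."""
    data = json.loads(raw)
    if "web" not in data:
        # Desktop clients are stored under "installed" instead of "web".
        return ["client is not of type 'Web application'"]
    web = data["web"]
    problems = []
    for key in ("client_id", "client_secret"):
        if not web.get(key):
            problems.append(f"missing {key}")
    origins = web.get("javascript_origins", [])
    redirects = web.get("redirect_uris", [])
    # The page says there is exactly one origin and one redirect URI per site.
    if origins != [expected_origin]:
        problems.append(f"unexpected JavaScript origins: {origins}")
    if redirects != [expected_redirect]:
        problems.append(f"unexpected redirect URIs: {redirects}")
    for uri in origins + redirects:
        if urlsplit(uri).scheme != "https":
            problems.append(f"not https: {uri}")
    for uri in origins:
        parts = urlsplit(uri)
        # An origin is scheme + host (+ port) only.
        if parts.path not in ("", "/") or parts.query or parts.fragment:
            problems.append(f"origin must not carry a path or query: {uri}")
    return problems
```

The downloaded file contains the Client Secret in clear text, so store it like any other credential and delete stray copies once the CMS settings are saved.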

Configure Google SSO in Your Site Settings

Once you have your Client ID and Client Secret from Google:

  1. Navigate to your site's Security settings page

  2. Locate the Google SSO Configuration section

  3. Enter the following required information:

    • Client ID: The Client ID from your Google API Console credentials

    • Client Secret: The Client Secret from your Google API Console credentials

    • Allowed Login Domain(s): The domain(s) you want to allow for Google SSO login

  4. Save your configuration

All fields are required and must be completed before you can save your Google SSO settings.
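To show what the Client ID and Allowed Login Domain(s) settings protect, here is an added sketch of the claim checks a relying party typically runs on a Google ID token. It is not Edlio's code and makes no claim about how Edlio implements the check; it assumes the token signature was already verified, and the client ID and domain used with it are constructed placeholders.

```python
import time

# Both issuer spellings are used by Google for ID tokens.
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}


def check_id_token_claims(claims, client_id, allowed_domains, now=None):
    """Validate the claims of an ID token whose signature is already verified.

    Returns (True, email) on success or (False, reason) on rejection.
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return False, "wrong issuer"
    # 'aud' must be this site's own Client ID, otherwise a token minted
    # for some other application could be replayed here.
    if claims.get("aud") != client_id:
        return False, "token was issued to a different client"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if claims.get("email_verified") is not True:
        return False, "email not verified"
    # 'hd' is the hosted (Workspace) domain and is absent for personal
    # accounts. Checking it, rather than the text after '@' in the email,
    # is what keeps non-Workspace accounts out.
    allowed = {d.lower() for d in allowed_domains}
    if str(claims.get("hd", "")).lower() not in allowed:
        return False, "account is outside the allowed login domain(s)"
    return True, claims.get("email")
```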

Need Additional Help?

If you need assistance with initial Google SSO setup or have technical questions, contact Edlio Technical Support.
