If Google is specified as the the external identity provider, a subset of Google provider attributes can be used as the mapping attribute placeholder value.

The placeholder value must use the following syntax:

${providerAttributes.<Google attribute name>}

When you create a new Google identity provider entity, the POST request automatically maps the PingOne username attribute to the Google emailAddress.value attribute. The username attribute is the core mapping attribute; the default Google attribute value is emailAddress.value. It is also recommended that you map the PingOne email attribute to the Google emailAddress.value attribute.

The request body for the email-to-email mapping looks like this, with the value attribute showing the Google emailAddress.value attribute expressed using the placeholder syntax:

{
    "name": "email",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.emailAddress.value}"
}

The POST /environments/{environmentId}/identityProviders operation adds a new identity provider resource to the specified environment.

When the type property value is set to GOOGLE, Google’s clientId and clientSecret property values are required in the request body.

Google identity provider settings data model

Property Description
clientId A string that specifies the application ID from Google. This is a required property.
clientSecret A string that specifies the application secret from Google. This is a required property.

Google core attributes

Property Description
username A string that specifies the core Google attribute. The default value is ${providerAttributes.emailAddress.value} and the default update value is EMPTY_ONLY.

Google provider attributes

Permission Provider attributes
profile, email Options are: resourceName, etag, emailAddress.value, name.displayName, name.familyName, name.givenName, name.middleName, nickname.value, nickname.type, gender.value, and gender.formattedValue.
https://www.googleapis.com/auth/profile.agerange.read Options are: ageRange.ageRange.
https://www.googleapis.com/auth/profile.language.read Options are: locale.value.
https://www.googleapis.com/auth/user.birthday.read Options are: birthday.date.month, birthday.date.day, birthday.date.year, and birthday.text.
https://www.googleapis.com/auth/user.phonenumbers.read Options are: phoneNumber.value.