# Configure OIDC login for GCP

This document outlines the steps to configure OpenID Connect (OIDC) login for Google Cloud Platform (GCP) using **Auth0 by Okta**.

## Prerequisites:

- Auth0 by Okta set up as an OIDC provider.
- GCP IAM access.

## Steps:

1. **Create a Workload Identity Pool**:
   - Open the **Google Cloud Console**.
   - Navigate to **IAM & Admin** > **Workload Identity Federation**.
   - Create a new **Workload Identity Pool**.

2. **Configure OIDC Identity Provider**:
   - Choose **OIDC** as the identity provider type.
   - Enter the Auth0 **Issuer URL**: `https://your-tenant-name.us.auth0.com/`.

3. **Configure Service Account Binding**:
   - Choose a service account that will be authenticated through OIDC.
   - Bind the service account to the Workload Identity Pool.
   - Grant necessary IAM roles (e.g., `roles/storage.admin` for GCS access).

4. **Trust Policy Configuration**:
   - Configure the trust policy to allow Auth0 users to authenticate:

     ```json
     {
       "issuer": "https://your-tenant-name.us.auth0.com/",
       "subject": "user_id",
       "audiences": [
         "your-client-id"
       ]
     }
     ```

5. **Test Authentication**:
   - Use OIDC tokens generated by Auth0 to authenticate and access GCP services.
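
A pre-flight check for step 5, added here as an example (not part of the original document and not Google or Auth0 tooling): it decodes an Auth0-issued token's claims and reports which ones would not match the trust policy from step 4. It assumes `subject` in that policy is the expected `sub` value, and it does not verify the signature, so it only diagnoses claim mismatches; all function names are hypothetical.

```python
import base64
import json
import time

# Trust policy from step 4, with the page's placeholder values.
TRUST_POLICY = {
    "issuer": "https://your-tenant-name.us.auth0.com/",
    "subject": "user_id",  # assumption: treated as the expected "sub" claim
    "audiences": ["your-client-id"],
}

def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(jwt):
    """Return the payload claims of a compact JWT WITHOUT verifying the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))

def check_claims(claims, policy, now=None):
    """List the reasons the claims do not match the policy (empty list = match)."""
    now = time.time() if now is None else now
    problems = []
    # OIDC requires an exact issuer match; Auth0 issuers end with "/".
    if claims.get("iss") != policy["issuer"]:
        problems.append(f"iss {claims.get('iss')!r} != {policy['issuer']!r}")
    # "aud" may be a single string or an array of strings (RFC 7519).
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    if not set(aud) & set(policy["audiences"]):
        problems.append(f"aud {aud} has no entry in {policy['audiences']}")
    if claims.get("sub") != policy["subject"]:
        problems.append(f"sub {claims.get('sub')!r} != {policy['subject']!r}")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("exp missing or in the past")
    return problems

def make_unsigned_sample(claims):
    # Constructed sample token for offline testing; the signature is a dummy.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"
```

An empty result means the claims line up with the policy; GCP still validates the token's signature and expiry itself during the exchange.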