Google Cloud Single Sign-On

Google Cloud provides OpenID Connect (OIDC) identity services that you
can use to bring your Google users into Uptrace.

Single Sign-On allows you to manage users using OIDC providers. After logging in, such users are
automatically added to a team and can access team projects. When users are removed from Google, they
automatically lose granted access in Uptrace.

Step 1. Create OIDC SSO in Uptrace

  1. In Uptrace, go to Organization -> Single Sign-On
  2. Click New SSO -> New Google (OIDC)
  3. Fill out the form:
    • Domain: your unique domain name (can be any string; it will be used later during the sign-in
      process)
    • User team: select the team that will be automatically assigned to new users
    • User role: select the role that will be automatically assigned to new users

  4. Click Create and you will be presented with the redirect URL to configure Google OAuth

Leave this form open — you will need to enter the Client ID and Client Secret from Google to
finish the setup.

Step 2. Create Google OAuth client

  1. Visit Google Cloud Console and open APIs & Services
  2. Open the Credentials tab and click Create credentials -> OAuth client ID
  3. Set Application type to Web application
  4. Under Authorized redirect URIs, add the redirect URL you received from Uptrace in Step 1
  5. Click Save and you will be presented with the Client ID and Client Secret

Step 3. Finish configuring Uptrace

  1. Go back to the OIDC SSO form you left open in Step 1
  2. Enter the Client ID and Client Secret you received from Google in Step 2
  3. Click Save

You can now log in to Uptrace using Google by opening
https://uptrace.dev/auth/sso/<your-domain>.

Troubleshooting

Redirect URI mismatch — The redirect URI configured in Google Cloud must exactly match what
Uptrace uses. Make sure the protocol (http vs https), host, and port all match.
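To find which part of the URI differs, you can compare the value registered in Google Cloud with the redirect URL shown by Uptrace component by component. The script below is an added example, not part of Uptrace; the host and callback path in it are constructed placeholders, so substitute the redirect URL from Step 1.

```python
from urllib.parse import urlsplit

# Constructed placeholder: replace with the redirect URL Uptrace showed in Step 1.
REGISTERED = "https://uptrace.example.com/placeholder/callback"


def redirect_uri_mismatches(registered: str, actual: str) -> list[str]:
    """Return a description of every component in which two redirect URIs differ.

    An empty list means the two strings are identical, which is what an
    exact-match comparison requires.
    """
    if registered == actual:
        return []
    reg, act = urlsplit(registered), urlsplit(actual)
    components = [
        ("protocol", reg.scheme, act.scheme),
        ("host", reg.hostname, act.hostname),  # .hostname is lower-cased
        ("port", reg.port, act.port),          # None when no explicit port
        ("path", reg.path, act.path),          # catches a trailing slash
        ("query", reg.query, act.query),
    ]
    diffs = [f"{name}: {a!r} != {b!r}" for name, a, b in components if a != b]
    # Parsed components can be equal while the raw strings are not,
    # for example when only the letter case of the host differs.
    return diffs or ["raw strings differ (letter case, whitespace or encoding)"]


if __name__ == "__main__":
    # Constructed candidates showing the common mismatch causes.
    candidates = [
        "http://uptrace.example.com/placeholder/callback",
        "https://uptrace.example.com:8443/placeholder/callback",
        "https://uptrace.example.com/placeholder/callback/",
        "https://Uptrace.example.com/placeholder/callback",
    ]
    for uri in candidates:
        print(uri, "->", redirect_uri_mismatches(REGISTERED, uri))
```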

User has no email — Uptrace requires an email address for SSO users. Google accounts always have
an email, so this is typically not an issue.

OAuth consent screen not configured — If you see an error about the consent screen, make sure you
have configured the OAuth consent screen in Google Cloud Console before creating the OAuth client.