Glean administrator prerequisites for Zapier connection

Google SSO

Before you start, ensure Glean’s SSO configuration for Google is complete.

1. Configure Zapier redirect URI

• Log in to your Google Cloud Project console.
• At the top of the page, click the project dropdown menu.
• Select your Glean project.
• In the left navigation panel, click APIs & Services.
• From the left sidebar of the APIs & Services dashboard, click Credentials.
• Under the OAuth 2.0 Client IDs section, click the entry for your Glean configuration. (e.g., Glean … SSO).
• In the A uthorized redirect URIs section, click + Add URI.
• Paste the following URL into the new field. This will be your Zapier redirect URI: https://zapier.com/dashboard/auth/oauth/return/App222189CLIAPI/
• Click Save.

2. Retrieve Client credentials

You must provide your users with two credentials from your Glean SSO app:

• Client ID
• Client Secret

To find this information in your Google Cloud Project:

• In the Additional Information section, copy the Client ID.
• In the Client secrets section, copy the Client secret.
  • If you cannot view the secret, create a new client secret.

Once you complete these steps, users in your Glean organization will be able to connect Glean to Zapier.

Okta SSO

Before you start, ensure Glean's SSO configuration for Okta is already complete.

Note

Your organization may already have an Okta SAML configuration for Glean, which allows users to log into the Glean UI via Okta. To connect to Zapier, a separate OIDC Web Application must be configured by an Okta admin.

1. Create an OIDC application in Okta

• Log in to your Okta Admin Console.
• In the left sidebar, go to Applications.
• Click Create App Integration.
• For Sign-in method, select OIDC - OpenID Connect.
• For Application type, select Web Application.
• Click Next.
• Give the application a name (for example, Glean Zapier).
• Under Sign-in redirect URIs, add all of the following (replace YOUR_GLEAN_DOMAIN with your Glean subdomain, for example, mycompany-be):
  • https://YOUR_GLEAN_DOMAIN-be.glean.com/authorization-code/callback?isExtension=1
  • https://YOUR_GLEAN_DOMAIN-be.glean.com/authorization-code/callback
  • https://zapier.com/dashboard/auth/oauth/return/App222189CLIAPI/
• Click Save.

2. Enable refresh token

Zapier requires a refresh token to maintain the connection without requiring users to re-authenticate frequently.

• In the newly created application, go to the General tab.
• Under General Settings, click Edit.
• Under Grant type, ensure Refresh Token is checked.
• Click Save.

3. Configure authorization server scopes and claims

The required scopes must be available on your Okta API authorization server.

• In the Okta Admin Console, go to Security > API and select your authorization server (typically default).
• Click the Scopes tab and confirm the following scopes exist: openid, profile, email, offline_access. If any are missing, click Add Scope to create them.
• Click the Claims tab, then click Add Claim.
  • Name: Enter primary_email.
  • Include in token type: Select Access Token, Always.
  • Value type: Select Expression.
  • Value: Enter user.email.
  • Include in: Select Any scope.
• Click Create.
• Click the Access Policies tab and confirm the policy is assigned to clients: All Clients (or specifically assigned to the Okta app you created in step 1).
• If a rule exists, ensure Authorization Code is enabled as a grant type under that rule.

4. Assign users or groups

• In your Okta OIDC application, go to the Assignments tab.
• Assign the application to the users or groups in your organization who will be connecting Glean to Zapier.

5. Verify Okta OAuth settings in Glean

Most of these settings are likely configured in your Glean instance. Verify all settings below are configured before users can connect to Zapier.

• In Glean, go to Admin Console > Platform > API access > Client API tokens.
• Click Manage Settings.
• Toggle on Allow OAuth token-based access.
• Set SSO provider to Okta.
• In the Issuer subdomain field, enter your full Okta org URL (for example, https://yourcompany.okta.com).
• In the Allowed Client IDs field, enter the Client ID of the Okta app you created in step 1.
• Click Save.

Note

It may take up to 30 minutes for changes to take effect.

6. Retrieve client credentials

Provide users with the following three credentials from the OIDC application you created:

• Okta domain: Your Okta organization URL (for example, yourcompany.okta.com). Found in the top-right corner of your Okta Admin Console.
• Client ID: Found on the General tab of your OIDC application.
• Client secret: Found on the General tab under Client Secrets. If none exists, click Generate new secret and copy the value immediately — it will not be shown again.

Once you complete these steps, users in your Glean organization will be able to connect Glean to Zapier.

Updating teammates permissions

Depending on what Glean actions users want to use in Zapier, you may need to update a user's role to include additional permissions.

The required permissions depend on what Glean actions the user is attempting to perform in their Zapier workflows.