Skip to content

Add guide on disabling default social logins via Google Workspace#3502

Open
xnox wants to merge 2 commits into
mainfrom
docs/disable-social-logins-google
Open

Add guide on disabling default social logins via Google Workspace#3502
xnox wants to merge 2 commits into
mainfrom
docs/disable-social-logins-google

Conversation

@xnox

@xnox xnox commented Jul 2, 2026

Copy link
Copy Markdown
Member

What

Adds a new article: Disabling Default Social Logins at content/chainguard/administration/custom-idps/disabling-social-logins/index.md.

It documents the interim workaround for SSO/OIDC customers whose users keep clicking Login with Google out of habit — creating accounts outside their organization that owners then have to clean up and re-provision.

Why

This is a recurring, high-frequency customer pain point (reported ~3x/week for one customer). A native org-level setting to hide/disable the default social logins is on the Q3 roadmap, but this Google Workspace-side block solves it today and is worth publicising.

Approach

Rather than a Chainguard-side toggle (which doesn't exist yet), the guide explains how a Google Workspace admin blocks the Chainguard app via Security > Access and data control > API controls > App access control, scoping the block by organizational unit. It includes:

  • The exact user-facing error once blocked (Error 400: admin_policy_enforced)
  • Break-glass guidance: scope the block by org unit so recovery accounts retain Google login
  • How to restore access (grant at least Limited so login scopes are permitted)
  • A pointer to Google Workspace support, and a note that the native Chainguard feature is on the roadmap

Notes for reviewers

  • Published as draft: true — pending cropped screenshots of the Google Admin console (steps 3–6). A TODO comment marks where they go and the naming convention. Flip to draft: false once screenshots are added.
  • Please confirm the current Google Admin console menu labels/terminology, as Google changes these periodically.

🤖 Generated with Claude Code

Documents the interim workaround for SSO/OIDC customers whose users
accidentally sign in with "Login with Google", creating accounts outside
their organization. Explains how a Google Workspace admin can block the
Chainguard app via API access control, with break-glass guidance to scope
the block by organizational unit. Published as a draft pending screenshots.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@xnox xnox requested a review from a team as a code owner July 2, 2026 14:17
@netlify

netlify Bot commented Jul 2, 2026

Copy link
Copy Markdown

Deploy Preview for ornate-narwhal-088216 ready!

Name Link
🔨 Latest commit c115c5b
🔍 Latest deploy log https://app.netlify.com/projects/ornate-narwhal-088216/deploys/6a46a0e05f8dcc00084cdd39
😎 Deploy Preview https://deploy-preview-3502--ornate-narwhal-088216.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Comment thread content/chainguard/administration/custom-idps/disabling-social-logins/index.md Outdated

* You have a [backup account](/chainguard/administration/custom-idps/custom-idps/#backup-accounts) that does not rely on Google sign-in — for example, an [assumable identity](/chainguard/administration/iam-organizations/assumable-ids/) — so you retain a recovery path.

You will also need administrator access to your organization's [Google Workspace Admin console](https://admin.google.com).

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure what's going on with the apostrophes being interpreted as formatting marks. @SharpRake do you know?

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From here down to line 81, alternating several times.

Co-authored-by: Matthew Helmke <matthew.helmke@chainguard.dev>
Signed-off-by: Mark Drake <33191761+SharpRake@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants