From a9e53d4c152e95529766019626fdec7bb999d2eb Mon Sep 17 00:00:00 2001 From: bcmmbaga Date: Wed, 1 Apr 2026 13:49:12 +0300 Subject: [PATCH 1/2] Add migration warning to legacy Google Workspace setup Signed-off-by: bcmmbaga --- .../managed/advanced/google-workspace.mdx | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/pages/selfhosted/identity-providers/managed/advanced/google-workspace.mdx b/src/pages/selfhosted/identity-providers/managed/advanced/google-workspace.mdx index 7617d85fc..993480d9d 100644 --- a/src/pages/selfhosted/identity-providers/managed/advanced/google-workspace.mdx +++ b/src/pages/selfhosted/identity-providers/managed/advanced/google-workspace.mdx @@ -1,7 +1,13 @@ -import {Note} from "@/components/mdx"; +import {Note, Warning} from "@/components/mdx"; # Google Workspace SSO with NetBird Self-Hosted (Legacy) + +**Migration recommended:** The client secret has been removed from the authentication flow. The secret was originally included to support providers like Google Workspace that don't offer a proper PKCE flow, but this is no longer necessary with the embedded IdP. + +If you are using this standalone Google Workspace setup, we strongly recommend migrating to the [embedded IdP setup with Google as an external provider](/selfhosted/identity-providers/managed/google-workspace#management-setup-recommended). The embedded IdP approach is simpler, fully supported, and does not rely on the deprecated client secret. + + Use Google accounts for authentication with NetBird. This supports both personal Google accounts and Google Workspace (formerly G Suite) organizations. ## Standalone Setup (Advanced) From 3c933217d4ba42e48f2e1ca9c70e9878c9ceceef Mon Sep 17 00:00:00 2001 From: bcmmbaga Date: Wed, 1 Apr 2026 13:52:39 +0300 Subject: [PATCH 2/2] Refactor Signed-off-by: bcmmbaga --- .../identity-providers/managed/advanced/google-workspace.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/selfhosted/identity-providers/managed/advanced/google-workspace.mdx b/src/pages/selfhosted/identity-providers/managed/advanced/google-workspace.mdx index 993480d9d..a9bb0bc1f 100644 --- a/src/pages/selfhosted/identity-providers/managed/advanced/google-workspace.mdx +++ b/src/pages/selfhosted/identity-providers/managed/advanced/google-workspace.mdx @@ -3,7 +3,7 @@ import {Note, Warning} from "@/components/mdx"; # Google Workspace SSO with NetBird Self-Hosted (Legacy) -**Migration recommended:** The client secret has been removed from the authentication flow. The secret was originally included to support providers like Google Workspace that don't offer a proper PKCE flow, but this is no longer necessary with the embedded IdP. +The client secret has been removed from the authentication flow. The secret was originally included to support providers like Google Workspace that don't offer a proper PKCE flow, but this is no longer necessary with the embedded IdP. If you are using this standalone Google Workspace setup, we strongly recommend migrating to the [embedded IdP setup with Google as an external provider](/selfhosted/identity-providers/managed/google-workspace#management-setup-recommended). The embedded IdP approach is simpler, fully supported, and does not rely on the deprecated client secret.