Google Workspace vs. Google Application through GCP


I have an application which contains a user area and an admin area.

I started setting up/protecting the admin area with Keycloak as SP and Google Workspace (SAML) as IdP.

While I currently struggle setting this up, I’m very curious about the issue that Google Workspace only provides SAML, which is indicated to be unsafe and shouldn’t be used.

I thought it would be great to use Google Workspace as only my org should be allowed to log in to the admin area.

But for the user area I will probably want to provide Google as a login as well, which, as far as I have researched, requires the Google API (from GCP) feature.

I’m struggling with the SAML Setup anyway (currently getting the error Error: app_not_configured_for_user) and there is no up-to-date guide for doing this. So is it even worth doing it in two different ways?

Is it safe enough or properly configurable so that no one outside my org can accidentally log in to my admin area?

What are your thoughts?



I have now created two GCP projects and OAuth client. That worked out of the box in a very short time.

With the two projects I can also make sure that for admin only org members can log in.
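On the question of keeping non-org accounts out of the admin area: the following is an added example, not part of the original post, of a server-side check on the decoded Google ID token that rejects any account whose `hd` (hosted domain) claim is not the organisation's. It assumes the token signature has already been verified by the OIDC library or by Keycloak; the function name, client ID and `example.com` domain are placeholders.

```python
import time

# Issuer values Google uses in ID tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def admin_login_problems(claims, client_id, org_domain, now=None):
    """Return the reasons to reject an admin login (empty list = accept).

    `claims` is the payload of an ID token whose signature was already
    verified (assumption). `client_id` is the admin area's OAuth client.
    """
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") not in GOOGLE_ISSUERS:
        problems.append("unexpected issuer")
    # A token minted for the user-area client must not open the admin area.
    if claims.get("aud") != client_id:
        problems.append("token issued for a different client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired")
    # Consumer Google accounts carry no `hd` claim at all, so a missing
    # claim is rejected the same way as a foreign Workspace domain.
    if claims.get("hd") != org_domain:
        problems.append("account is not in the organisation")
    return problems


# Constructed sample data (not real tokens).
NOW = 1_700_000_000
ADMIN_CLIENT = "admin-client-id.apps.googleusercontent.com"  # placeholder
BASE = {"iss": "https://accounts.google.com", "aud": ADMIN_CLIENT,
        "exp": NOW + 3600, "sub": "1000", "email": "alice@example.com"}
ORG_MEMBER = {**BASE, "hd": "example.com"}
CONSUMER = {**BASE, "email": "bob@gmail.com"}            # no hd claim
OTHER_ORG = {**BASE, "hd": "other.example", "email": "eve@other.example"}
USER_AREA_TOKEN = {**ORG_MEMBER, "aud": "user-client-id.apps.googleusercontent.com"}

if __name__ == "__main__":
    for name, c in [("org member", ORG_MEMBER), ("consumer", CONSUMER),
                    ("other org", OTHER_ORG), ("user-area token", USER_AREA_TOKEN)]:
        print(name, "->", admin_login_problems(c, ADMIN_CLIENT, "example.com", NOW) or "accepted")
```

Checking `hd` in the token, rather than the suffix of the email address, keeps the decision tied to the organisation Google asserts for the account.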