diff --git a/web/support/kb/cloud/google_oidc_setup.rst b/web/support/kb/cloud/google_oidc_setup.rst
new file mode 100644
index 0000000000000000000000000000000000000000..c6ba4e2853498c9729dc6717fecb68a23a994863
--- /dev/null
+++ b/web/support/kb/cloud/google_oidc_setup.rst
@@ -0,0 +1,40 @@
+configure Google platform as an IdP for keystone with OpenID
+============================================================
+
+We followed the guide Identity, Authentication, and Access management in Openstack
+
+http://file.allitebooks.com/20151213/Identity,%20Authentication,%20and%20Access%20Management%20in%20OpenStack.pdf
+
+(Chapter 5.6 A Practical Guide to Setting Up SSO with Google)
+
+In this example the Keystone url is http://keystone.cloud.garr.it
+
+Prerequisites: configure Keystone and Dashboard with the basic set of functionalities (admin, demo projects, endpoints etc).
+
+
+First of all we need to generate the Google credentials that will be set in keystone.
+
+Go to https://console.cloud.google.com -> Use Google APIs
+
+If you don’t have defined any project yet Google asks you to do. We call it GARR-CSD
+Then the API manager windows opens.
+
+Go to Credentials - Create Credentials -> OAuth Client ID (see screenshot)
+
+Google asks “To create an OAuth client ID, you must first set a product name on the consent screen”. In the next window in Product Name we choose GARR CSD.
+Next. The window Credentials pops up. Set::
+
+     Application Type: Web Application
+     Name: GARR Cloud
+     Authorized redirect URIs: https://keystone.cloud.garr.it:5000/v3/auth/OS-FEDERATION/websso/oidc/redirect
+     https://keystone-dmz.cloud.garr.it:5000/v3/auth/OS-FEDERATION/websso/oidc/redirect
+     https://keystone-staging.cloud.garr.it:5000/v3/auth/OS-FEDERATION/websso/oidc/redirect
+
+
+Then click Create: a window pops up with the Client ID and client secret, which we will put in the Keystone config. 
+
+You will then find these keys listed in the main  API Manager page, under OAuth 2.0 client IDs.
+
+
+
+