diff --git a/self-host/customize-deployment/environment-variables.mdx b/self-host/customize-deployment/environment-variables.mdx
index 117d144c..f20c103f 100644
--- a/self-host/customize-deployment/environment-variables.mdx
+++ b/self-host/customize-deployment/environment-variables.mdx
@@ -383,8 +383,9 @@ These variables enable you to configure Google Cloud Platform integration.
| :------------------------ | :------------------------------------------------------------------- |
| `GOOGLE_CLOUD_PROJECT_ID` | Google Cloud Platform project ID |
| `GOOGLE_DRIVE_API_KEY` | Google Drive API key |
-| `AUTH_GOOGLE_ENABLED` | Enables Google authentication (default=false) |
-| `AUTH_ENABLE_GCLOUD_ADC` | Enables Google Cloud Application Default Credentials (default=false) |
+| `AUTH_GOOGLE_ENABLED` | Enables Google authentication (default=false) |
+| `AUTH_ENABLE_GCLOUD_ADC` | Enables Google Cloud Application Default Credentials (default=false) |
+| `AUTH_GOOGLE_INCLUDE_BIGQUERY_SCOPE` | When `true`, bundles the BigQuery scope into the Google login flow so BigQuery SSO users complete a single consent screen instead of two (default=false) |
## Embedding
diff --git a/self-host/customize-deployment/use-sso-login-for-self-hosted-lightdash.mdx b/self-host/customize-deployment/use-sso-login-for-self-hosted-lightdash.mdx
index c816741c..4e0f92ce 100644
--- a/self-host/customize-deployment/use-sso-login-for-self-hosted-lightdash.mdx
+++ b/self-host/customize-deployment/use-sso-login-for-self-hosted-lightdash.mdx
@@ -141,9 +141,22 @@ These environment variables must be provided to Lightdash to enable you to contr
| Variable | Description | Required? | Default |
| :---------------------------------- | :------------------------------------------- | :---------: | :-------: |
-| `AUTH_GOOGLE_ENABLED` | Required to be set to `true` for Google SSO | | |
-| `AUTH_GOOGLE_OAUTH2_CLIENT_ID` | Required see instructions above | | |
-| `AUTH_GOOGLE_OAUTH2_CLIENT_SECRET` | Required see instructions above | | |
+| `AUTH_GOOGLE_ENABLED` | Required to be set to `true` for Google SSO | | |
+| `AUTH_GOOGLE_OAUTH2_CLIENT_ID` | Required see instructions above | | |
+| `AUTH_GOOGLE_OAUTH2_CLIENT_SECRET` | Required see instructions above | | |
+| `AUTH_GOOGLE_INCLUDE_BIGQUERY_SCOPE` | When `true`, bundles the BigQuery scope into the Google login flow so BigQuery SSO users see a single consent screen instead of two | | `false` |
+
+### Combine BigQuery SSO consent with Google login
+
+If you use [BigQuery SSO](/references/workspace/sso-providers#warehouse-sso-enterprise-only) to give users per-user warehouse credentials, set `AUTH_GOOGLE_INCLUDE_BIGQUERY_SCOPE=true` to request the BigQuery scope during the initial Google login. Users will complete one consent screen that covers both Lightdash login and BigQuery warehouse access instead of two separate OAuth flows.
+
+When enabled, Lightdash also requests offline access with a forced consent prompt so Google returns a refresh token for the BigQuery connection. Leave this unset (or `false`) if you do not use BigQuery SSO.
+
+Before enabling this option:
+
+- Confirm Google SSO is configured and working (`AUTH_GOOGLE_ENABLED=true`).
+- Add the `https://www.googleapis.com/auth/bigquery` scope to your OAuth consent screen in Google Cloud.
+- Enable BigQuery SSO at the project level for the warehouse connections that should use it.
## One Login