Your video shows users signing themselves up. I don't want that, as its a closed environment - all the users are already have google apps accounts. I want to create OE accounts, and link them to the google apps accounts so they can log in with their google credentials.

The point of the video is that "password change" emails, sent to users contain a special link that gives them the opportunity to stop using UID/PWD authentication and start using Google authentication.

I don't want them to EVER have a username and password. That's the entire point of single sign on, federated credentials. I now see that the title you suggested for this question is in fact misleading, I'll change back to what I had originally.

I have updated my answer to respond to that.

Thanks Martin, appreciate the answers etc. but I think something is being missed here. If you see my earlier comment, I do not want people to be able to sign up with any account they have. I have a big organisation. Only some of them must be on OE. I want to create OE accounts, and then just link them (like for example, via email address or some other oauth token) to their google accounts. So they don't create an account. I do. Then they're linked. And then they can log in.

But . . . you do know that you can create an account for them in OE and send them the invitation email, yes? If so, then you are really asking how to block password use, right? An easy way to do that would be to have a cron job run an update on the user table setting all passwords to a random sequence every hour or so. You can alter the invitation email to inform your users that you will not permit passwords to be used. That's done in Settings | Technical | Email | Templates -- record named "Reset Password".

Can't see any such field anywhere unfortunately. I have technical options enabled.

do you have the auth_oauth module enabled?

I do yes - I've filled in my google oauth details within the setup page. If I log out, there is a login with google button.