This article describes how to configure Google as your workplace's single sign-on identity provider (IdP). This process involves making modifications to your Google environment as well as your digital workplace. Once complete, users of your digital workplace will be able to sign in to it using their Google credentials.
To follow this process, you must be able to add applications to your Google environment and be a workplace administrator in your digital workplace.
Sections in this article:
Configuring a Google single sign-on application
Follow these steps to configure a SAML app in your Google environment:
- Select Google Apps followed by Admin.
- Select Apps.
- Select the SAML apps.
- Select Add a service/App to your domain.
Select Setup My Own Custom App.
Copy the following idP information and then select Next:
- SSO URL
- Enter an Application Name and then select Next.
- Configure the service provider details and then select Next:
- ACS URL: Enter your digital workplace URL with /saml.digest appended to it.
- Entity ID: Enter your digital workplace URL with /saml.digest appended to it.
- Start URL: Enter your digital workplace URL.
- Signed Response: Don't select.
- Name ID: Set to Primary Email.
- Select Add New Mapping.
- Create the following mappings and then select Finish:
- FName - Basic Information - First Name
- LName - Basic Information - Last Name
- Email - Basic Information - Primary Email
- Select the vertical ellipses associated with your new SAML App and turn it o
Configuring your digital workplace's single sign-on
- Go to your digital workplace and sign in.
- Select Control Panel.
- Under Membership, select Sign In Settings.
- Select Configure SAML Authentication.
- Configure the settings as described in the Configuration settings table below.
- Select Save.
|Enter a name for this connection. If you configure Sign in Settings to Use SAML button on Sign in screen, this name will be displayed on the button.
|IdP Login URL
Copy and paste the SSO URL URL from the Google set-up instructions into this field.
|IdP Logout URL
|Leave this field blank; Google does not support SLO.
|Logout Response and Request HTTP Type
|Ignore this option; Google does not support SLO.
|Logout Final Redirect URL
|Enter the URL of the location you want to send users to when they log out. If left blank, users will be redirected to your digital workplace's homepage.
Copy and paste the Certificate from the Google set-up instructions into this field. You will need to open the certificate file using a text editor.
Select Email Address.
|Session Index Path
|First Name Path
|Last Name Path
|User creation on Sign in
Select how your digital workplace handles users who attempt to sign in when they have valid IdP credentials but are not members of the digital workplace.
When creating new users in your digital workplace this way, they will be created with the following details:
If enabled, this option does not provide any additional user syncing functionality (e.g., additional fields, group membership, deprovisioning, etc.).
If your digital workplace uses the ILST to manage members, select Do not create new users when they sign in to avoid the creation of duplicate user accounts.
|Sign in Settings
Select how users sign in to your workplace.
For setting up and testing the connection, it can be convenient to temporarily select Use SAML button on "Sign in" screen and then only switch to Redirect all users to IdP once you have confirmed that single sign-in is working correctly.