SSO - Google

Wiki HomeTitle Index

How to set up Google SSO

Step 1: Access your Admin app

Select your Google Apps and locate the Admin App
The Admin app.

Step 2: Select Apps

Select the Apps icon
The Apps icon.

Step 3: Select SAML apps

Select the SAML Apps icon
The SAML apps card.

Step 4: Select Add a service/App to your domain

You will need to add a new service
The add a service button.

Step 5: Select My Own Custom App

An Igloo App will not exist, as result, you will need to select the option to create your own custom App
The Setup my own custom app option.

Step 6: Copy the following idP information

Copy the SSO URL, and download the Certificate. These will be used when setting up the Igloo side of SSO
The Google IdP information window.

Step 7: Provide an Application Name

An application name is mandatory, and will determine how the app will appear in your list of applications. You can further add a description and image.
The Basic information for your Custom App page.

Step 8: Configure the service provider details

The ACS URL and Entity ID will both be your digital workplace URL with /saml.digest appended to it. The Start URL will be your workplace URL. Leave signed response unchecked, and ensure that the Name ID is set to Primary Email.
The Service Provider Detail page.

Step 9: Add new mappings

Select Add New Mapping
The Attribute Mapping page.

Step 10: Attribute Mapping

Add the following mappings:
- FName - Basic Information - First Name
- LName - Basic Information - Last Name
- Email - Basic Information - Primary Email
Configured attribute mappings.

Step 11: Turn your new SAML configuration on

Select the vertical ellipses associated with your new SAML App and turn it ON
Turning the SAML App on for a set of users.

  • The next series of steps take place back in your workplace

Step 12: Access your sign in settings

From your Control Panel, select Sign in Settings located underneath the Membership heading.
The Sign in Settings option on the Control Panel.

Step 13: Select configure SAML Authentication

At the bottom of the Sign in Settings options, there is a link Configure SAML Authentication, select it.
The Configure SAML Authentication button.

Step 14: General configuration

Copy the SSO URL from Step 6 into the field IdP Login URL. Then copy the X.509 Certificate from Step 6 to the Public Certificate field of the General Configuration. You will need to open up the file you downloaded used a text editor.
The General Configuration section.

Step 15: Response and Authentication Configuration

Ensure that your settings for this section matches those in the image below. The attribute statements are:

  • Email /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name=Email]/saml:AttributeValue
  • First Name /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name=FName]/saml:AttributeValue
  • Last Name /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name=LName]/saml:AttributeValue
    The Response and Authentication section.

Step 16: Other settings

Ensure that your remaining settings match those below. Select Save to apply all your changes. For more details on those settings, see the general SSO setup documentation.

0 Comments

  • 2,185 views
  • 0 previews
  • 11 versions
  • 0 comments
  • 1 follower
     
    1 subscriber is following updates on this item.
Labels:

Authentication

Avg. Rating:
Updated By:
Jesse Langstaff
 
August 3, 2021
Posted By:
Matthew Seabrook
 
September 4, 2017
Versions:
v.11
Search this area
Viewed 2,185 times