How to set up Google SSO

Step 1: Access your Admin app

Select your Google Apps and locate the Admin App

Step 2: Select Apps

Select the Apps icon

Step 3: Select SAML apps

Select the SAML Apps icon

Step 4: Select Add a service/App to your domain

You will need to add a new service

Step 5: Select My Own Custom App

An Igloo App will not exist, as result, you will need to select the option to create your own custom App

Step 6: Copy the following idP information

Copy the SSO URL, and download the Certificate. These will be used when setting up the Igloo side of SSO

Step 7: Provide an Application Name

An application name is mandatory, and will determine how the app will appear in your list of applications. You can further add a description and image.

Step 8: Configure the service provider details

The ACS URL and Entity ID will both be your digital workplace URL with /saml.digest appended to it. The Start URL will be your workplace URL. Leave signed response unchecked, and ensure that the Name ID is set to Primary Email.

Step 9: Add new mappings

Select Add New Mapping

Step 10: Attribute Mapping

Add the following mappings:
- FName - Basic Information - First Name
- LName - Basic Information - Last Name
- Email - Basic Information - Primary Email

Step 11: Turn your new SAML configuration on

Select the vertical ellipses associated with your new SAML App and turn it ON

• The next series of steps take place back in your workplace

Step 12: Access your sign in settings

From your Control Panel, select Sign in Settings located underneath the Membership heading.

Step 13: Select configure SAML Authentication

At the bottom of the Sign in Settings options, there is a link Configure SAML Authentication, select it.

Step 14: General configuration

Copy the SSO URL from Step 6 into the field IdP Login URL. Then copy the X.509 Certificate from Step 6 to the Public Certificate field of the General Configuration. You will need to open up the file you downloaded used a text editor.

Step 15: Response and Authentication Configuration

Ensure that your settings for this section matches those in the image below. The attribute statements are:

• Email /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name=Email]/saml:AttributeValue
• First Name /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name=FName]/saml:AttributeValue
• Last Name /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name=LName]/saml:AttributeValue
  

Step 16: Other settings

Ensure that your remaining settings match those below. Select Save to apply all your changes. For more details on those settings, see the general SSO setup documentation.