SSO - Google

Features and Functionality

Last Updated:

February 21, 2023

Jesse Langstaff

| Version: 12

| 3,240 views

| 1 follower

Publication details

Authentication

How to set up Google SSO

Step 1: Access your Admin app

Select your Google Apps and locate the Admin App
The Admin app.

Step 2: Select Apps

Select the Apps icon
The Apps icon.

Step 3: Select SAML apps

Select the SAML Apps icon
The SAML apps card.

Step 4: Select Add a service/App to your domain

You will need to add a new service
The add a service button.

Step 5: Select My Own Custom App

An Igloo App will not exist, as result, you will need to select the option to create your own custom App
The Setup my own custom app option.

Step 6: Copy the following idP information

Copy the SSO URL, and download the Certificate. These will be used when setting up the Igloo side of SSO
The Google IdP information window.

Step 7: Provide an Application Name

An application name is mandatory, and will determine how the app will appear in your list of applications. You can further add a description and image.
The Basic information for your Custom App page.

Step 8: Configure the service provider details

The ACS URL and Entity ID will both be your digital workplace URL with /saml.digest appended to it. The Start URL will be your workplace URL. Leave signed response unchecked, and ensure that the Name ID is set to Primary Email.
The Service Provider Detail page.

Step 9: Add new mappings

Select Add New Mapping
The Attribute Mapping page.

Step 10: Attribute Mapping

Add the following mappings:
- FName - Basic Information - First Name
- LName - Basic Information - Last Name
- Email - Basic Information - Primary Email
Configured attribute mappings.

Step 11: Turn your new SAML configuration on

Select the vertical ellipses associated with your new SAML App and turn it ON
Turning the SAML App on for a set of users.

The next series of steps take place back in your workplace

Step 12: Access your sign in settings

From your Control Panel, select Sign in Settings located underneath the Membership heading.
The Sign in Settings option on the Control Panel.

Step 13: Select configure SAML Authentication

At the bottom of the Sign in Settings options, there is a link Configure SAML Authentication, select it.
The Configure SAML Authentication button.

Step 14: General configuration

Copy the SSO URL from Step 6 into the field IdP Login URL. Then copy the X.509 Certificate from Step 6 to the Public Certificate field of the General Configuration. You will need to open up the file you downloaded used a text editor.
The General Configuration section.

Step 15: Response and Authentication Configuration

Ensure that your settings for this section matches those in the image below. The attribute statements are:

Email /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name=Email]/saml:AttributeValue
First Name /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name=FName]/saml:AttributeValue
Last Name /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name=LName]/saml:AttributeValue

Step 16: Enable/Disable SAML provisioning of new members

Select how your digital workplace handles users who attempt to sign in to your digital workplace when they have valid credentials but are not members of the workplace.

If your digital workplace uses the ILST to manage members, select Do not create new users when they sign in to avoid the creation of duplicate user accounts.

Step 17: Enable/Disable SAML provisioning of new members

Use SAML button on "Sign in" screen: Adds a SSO sign in button to the Igloo Authentication page.

Redirect all users to IdP: Automatically redirects members to your ADFS sign in page if they attempt to access the workplace without an existing session.