Google SSO SAML configuration
  • 28 Jan 2023


To configure Google SAML Single Sign-On with your project, first log in with your Google Workspace account (formerly G Suite).

If you don't have a Google Workspace account, create one by visiting https://workspace.google.com/.

admin.google.com is used for Google Workspace accounts only. Regular Gmail accounts cannot be used to sign in to admin.google.com.

Once you have logged in with your Google Workspace account, click on the Admin console at the top, or use the link https://admin.google.com

Pro tip

As you will be connecting Google SAML SSO with your Document360 project, it is easier to keep both pages open in two different tabs or windows of your web browser.


Adding a custom SAML app on Google

  1. On the admin console home page, click on the Apps option and select the SAML apps option
  2. Click on Add app and in the dropdown, select Add custom SAML app
  3. In the App details, enter any name for your app and click on Continue
  4. In Option 2, you can find information such as the SSO URL, Entity ID, and Certificate
  5. This information has to be copied to the Document360 SSO settings
  6. In the Certificate section, click on the Download icon to save the certificate (.pem format) in your computer's local storage
  7. You will need to upload this certificate on your Document360 SSO settings page

[Screenshot: Google user access, service status]

  8. In User access, the Service status is OFF for everyone by default. You have to manually change it to ON for everyone for SSO to work.

[Screenshot: Google user access, changing the service status]

Here's how your SAML app would look after configuring it on the Google side.

[Screenshot: Google SSO SAML app]


Document360 SAML basic configuration

  1. Now, in your Document360 portal, click on Settings > Users & Security > SAML/OpenID > SAML
  2. In the SAML tab, you can find Setup your application and SAML basic configuration sections
  3. In SAML basic configurations, add the info copied from Google custom SAML app page

| Document360 SSO settings | Info from Google custom SAML app |
|---|---|
| Email domains | NA (The email domains you want to add for SSO) |
| Sign On URL | SSO URL |
| Entity id | Entity ID |
| Sign Out URL (Optional) | NA |
| SAML Certificate | Certificate (Upload the recent .pem file you downloaded from Google) |

  4. When you're done, click on Continue
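
A pre-upload sanity check for the values copied from Google, as an added example (not Document360 or Google code): it confirms the downloaded .pem holds exactly one certificate and no private key, computes its SHA-256 fingerprint, and checks that the Sign On URL is https. The function names, the sample PEM and the idp.example URLs are constructed for illustration, and it assumes you have a trusted fingerprint to compare against, such as one read from the Admin console.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s+-----END \1-----", re.S)


def cert_fingerprint(pem_text):
    """SHA-256 fingerprint (colon-separated hex) of the one certificate in pem_text."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains a private key; do not upload it")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {labels}")
    der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_idp_settings(sign_on_url, entity_id, pem_text, expected_fp):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    url = urlparse(sign_on_url)
    if url.scheme != "https" or not url.netloc:
        problems.append("Sign On URL is not an https URL")
    if not entity_id or entity_id != entity_id.strip():
        problems.append("Entity id is empty or has stray whitespace")
    try:
        actual = cert_fingerprint(pem_text)
    except ValueError as exc:  # also covers malformed base64 (binascii.Error)
        return problems + [str(exc)]
    if actual.replace(":", "") != expected_fp.replace(":", "").replace(" ", "").upper():
        problems.append("certificate fingerprint differs from the expected one")
    return problems


# Constructed sample: placeholder bytes wrapped as PEM, not a real Google certificate.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fp = cert_fingerprint(SAMPLE_PEM)
    # Hypothetical URLs stand in for the SSO URL and Entity ID copied from Google.
    print(fp, check_idp_settings("https://idp.example/sso", "https://idp.example/entity",
                                 SAMPLE_PEM, fp))
```

The fingerprint covers the decoded certificate bytes only, so re-wrapped lines or a changed file name do not alter it.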

Service Provider details

To configure Single Sign-On (SSO), add Service Provider (SP) details such as ACS URL and entity ID.

  1. These details should be obtained from the Document360 Enterprise SSO page
  2. Go to Settings > Users & Security > SAML/OpenID > SAML (tab)
  3. In the Setup your application section, copy the following parameters and paste them onto the Google custom SAML app page

| Google custom SAML app | Document360 SSO SAML settings |
|---|---|
| ACS URL | Callback path |
| Entity ID | Service provider entity Id |
| Start URL (optional) | |

  4. In Name ID format select EMAIL from the dropdown
  5. In Name ID select Basic Information > Primary email
  6. Click on Continue button

Attributes

Add and select user fields in Google Directory, then map them to service provider attributes. Add the following attributes.

| Google Directory attributes | App attributes |
|---|---|
| Primary email | name |
| Primary email | email |
| Primary email | urn:oasis:names:tc:SAML:2.0:nameid |

Click on the Add Mapping button each time you add an attribute, and when you're done, click on the Finish button.

