Google SSO SAML configuration
To configure Google SAML Single Sign-On with your project, first log in with your Google Workspace account (formerly G Suite). If you don’t have a Google Workspace account, create one by visiting https://workspace.google.com/. admin.google.com is used for Google Workspace accounts only; regular Gmail accounts cannot be used to sign in to admin.google.com.
Once you have logged in with your Google Workspace account, click on the Admin console at the top, or use the link https://admin.google.com.
Because you will be connecting Google SAML SSO with your Document360 project, it is easier to keep both pages open in two different tabs or windows of your browser.
Adding a custom SAML app on Google
- On the admin console home page, click on the Apps option and select the SAML apps option
- Click on Add app and in the dropdown select Add custom SAML app
- In the App details, enter any name for your app and click on Continue
- In Option 2, you will find information such as the SSO URL, Entity ID, and Certificate
- This information has to be copied to the Document360 SSO settings
- In the Certificate section, click on the Download icon to save the certificate (.pem format) in your computer’s local storage.
- You will need to upload this certificate on your Document360 SSO settings page
As Document360 does not accept .pem as a certificate file format, the file has to be converted to .crt format. It can be converted in a number of ways; the easiest is to use the openssl command:
openssl x509 -outform pem -in your-cert.pem -out your-cert.crt
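The converted file can be checked before it is uploaded. The script below is an added example, not part of the original Document360 documentation: it runs the same openssl command, confirms that the .crt file carries the same SHA-256 fingerprint as the download, and rejects a certificate that is expired or close to expiry. The function names, return codes and the self-signed sample certificate are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: convert the downloaded IdP certificate and verify it before upload.

# Print the SHA-256 fingerprint (colon-separated hex) of the certificate in file $1.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# convert_and_check SRC.pem DST.crt [MIN_SECONDS_LEFT] [EXPECTED_FINGERPRINT]
# Return codes: 0 ok, 2 input is not a certificate, 3 fingerprint mismatch,
# 4 certificate expired or expiring within MIN_SECONDS_LEFT.
convert_and_check() {
    local src="$1" dst="$2" min_left="${3:-0}" expected="${4:-}"
    # Same command as on the page; fails if the download is not a PEM
    # certificate (for example, a saved HTML error page).
    openssl x509 -outform pem -in "$src" -out "$dst" 2>/dev/null || return 2
    local fp_src fp_dst
    fp_src=$(cert_fingerprint "$src")
    fp_dst=$(cert_fingerprint "$dst")
    # The converted file must carry exactly the certificate that was downloaded.
    [ "$fp_src" = "$fp_dst" ] || return 3
    # Optional: compare with a fingerprint recorded out of band, in the same
    # format that cert_fingerprint prints.
    if [ -n "$expected" ] && [ "$fp_dst" != "$expected" ]; then return 3; fi
    # -checkend exits non-zero if the certificate expires within the window.
    openssl x509 -in "$dst" -noout -checkend "$min_left" >/dev/null || return 4
    return 0
}

# Constructed sample input: a throwaway self-signed certificate valid for
# 30 days, standing in for the file downloaded from the Google Admin console.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=constructed-idp.example" \
        -keyout "$1/sample.key" -out "$1/your-cert.pem" 2>/dev/null
}

demo() {
    local dir; dir=$(mktemp -d)
    make_sample_cert "$dir" || return 1
    convert_and_check "$dir/your-cert.pem" "$dir/your-cert.crt" 86400
    echo "check result: $? fingerprint: $(cert_fingerprint "$dir/your-cert.crt")"
    rm -rf "$dir"
}
demo
```

For a real download, call `convert_and_check your-cert.pem your-cert.crt` directly and upload the .crt file only when it returns 0.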
Document360 SAML basic configuration
- Now in your Document360 portal, click on Settings, select Enterprise SSO
- In the SAML tab, you will find the Setup your application and SAML basic configuration sections
- In SAML basic configuration, add the information copied from the Google custom SAML app page
| Document360 SSO settings | Info from Google custom SAML app |
|---|---|
| Email domains | NA (The email domains you want to add for SSO) |
| Sign On URL | SSO URL |
| Entity id | Entity ID |
| Sign Out URL (Optional) | NA |
| SAML Certificate | Certificate (Upload the recently converted .crt file you downloaded from Google) |
- When you're done, click on Continue
Service Provider details
To configure single sign on, add service provider details such as ACS URL and entity ID.
- These details should be obtained from the Document360 Enterprise SSO page
- Go to Settings → Advanced → Enterprise SSO → SAML tab
- In the Setup your application section, copy the following parameters and paste them into the Google custom SAML app page
| Google custom SAML app | Document360 SSO SAML settings |
|---|---|
| ACS URL | Callback path |
| Entity ID | Service provider entity Id |
| Start URL (optional) | |
- In Name ID format, select EMAIL from the dropdown
- In Name ID, select Basic Information > Primary email
- Click on the Continue button
Add and select user fields in Google Directory, then map them to service provider attributes. Add the following attribute.
| Google Directory attributes | App attributes |
|---|---|
Click on the Add Mapping button each time you add an attribute, and when you’re done, click on the Finish button.