Google Workspace Single Sign On
- Using protocol: SAML
Google Workspace configuration
- Log into admin.google.com with an administrative-privilege user.
SSO with third party IdP
Add SSO Profile
Set up SSO with third-party identity provider
Sign-in page URL:
Sign-out page URL:
Verification certificate: Log into your Gluu Server and grab
~inside_container/etc/certs/. Upload it.
- Save configuration.
Gluu Server configuration
Configure a NameID based on
NameId type would be:
Create Trust Relationship:
We need to write a short metadata file for Google Workspace, which we will use in the trust relationship.
The metadata is shown below. Deployers need to modify it according to their own DNS entry.
```xml
<EntityDescriptor entityID="google.com/a/company.org" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://www.google.com/a/company.org/acs">
    </AssertionConsumerService>
  </SPSSODescriptor>
</EntityDescriptor>
```
- Create a trust relationship with the above metadata and release the "Email" attribute.
- Create a test user that matches your Google Workspace user (for testing purposes). Our test user is 'email@example.com', which exists in both Google and the Gluu Server.
Initiate SSO with docs.google.com/a/gluu.org; the flow should look as demonstrated in this video.
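An added example, not part of the Gluu documentation: a Python sketch that renders the metadata template above for your own domain and checks an edited file before you load it into the trust relationship, so a leftover `company.org` in the entityID or ACS Location is caught early. The function names and the hostname pattern are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Conservative hostname pattern (assumption): lowercase labels, dots, hyphens only.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def build_sp_metadata(domain: str) -> str:
    """Render the page's metadata template for one Workspace domain."""
    domain = domain.strip().lower()
    if not DOMAIN_RE.match(domain):
        raise ValueError(f"not a plain DNS name: {domain!r}")
    ET.register_namespace("", MD_NS)  # emit xmlns="..." instead of an ns0: prefix
    root = ET.Element(f"{{{MD_NS}}}EntityDescriptor", entityID=f"google.com/a/{domain}")
    sp = ET.SubElement(root, f"{{{MD_NS}}}SPSSODescriptor",
                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol")
    ET.SubElement(sp, f"{{{MD_NS}}}NameIDFormat").text = EMAIL_FORMAT
    ET.SubElement(sp, f"{{{MD_NS}}}AssertionConsumerService", index="1",
                  Binding=POST_BINDING, Location=f"https://www.google.com/a/{domain}/acs")
    return ET.tostring(root, encoding="unicode")


def check_sp_metadata(xml_text: str, domain: str) -> list:
    """Return the problems found in metadata intended for `domain`."""
    ns = {"md": MD_NS}
    root = ET.fromstring(xml_text)  # intended for your own file, not third-party XML
    problems = []
    if root.get("entityID") != f"google.com/a/{domain}":
        problems.append("entityID does not match domain")
    fmt = root.findtext("md:SPSSODescriptor/md:NameIDFormat", namespaces=ns)
    if (fmt or "").strip() != EMAIL_FORMAT:
        problems.append("NameIDFormat is not emailAddress")
    acs = root.findall("md:SPSSODescriptor/md:AssertionConsumerService", ns)
    if len(acs) != 1:
        problems.append("expected exactly one AssertionConsumerService")
    for svc in acs:
        if svc.get("Location") != f"https://www.google.com/a/{domain}/acs":
            problems.append("ACS Location does not match domain")
        if svc.get("Binding") != POST_BINDING:
            problems.append("ACS Binding is not HTTP-POST")
    return problems
```

An empty list from `check_sp_metadata` means the entityID, NameID format and assertion consumer endpoint all line up with the domain you passed in.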