Google GSuite

as a SAML2.0 identity provider

This allows you to use Google GSuite for SAML 2.0 log-in.

Step 1. Create SAML App in Google Admin
Log in to your G Suite administrator account and navigate to Apps -> SAML Apps. Create a new App.
At Step 1 choose Setup My Own Custom App at the bottom of the dialog.
Step 2 of the dialog will display the Identity Provider's info.

Step 2. Configure the SAML Connection in YArooms
In a new browser tab, log in as an administrator to your YArooms domain. Navigate to Integrations -> SAML 2.0 Authentication and start the integration process. In the Connection tab, fill in the form as follows:

    • Identity Provider: Type Google SAML (this is a label, any value is accepted, it will appear on the login page as "Authenticate with Google SAML")
    • Issuer URL: Copy and paste the value for Entity ID from Google IdP Information.
    • SAML Endpoint: Copy and paste the value for SSO Url from Google IdP Information - or type a placeholder URL (this link is temporary, it will be changed later)
    • X.509 Certificate: Download the certificate from the Google IdP Information dialog. Open the .pem file with a text editor and copy its contents to the YArooms Connection form.
    • Name ID Format: choose emailAddress as value.
    • Attributes Mapping:
      • Map First Name to FirstName
      • Map Last Name to LastName

Save the options and navigate to the User options tab. Set the default group and location for new users created with data from the Identity Provider.

Save the User options and navigate to the Application details tab. The values shown in this tab will be used in the next step. Please note that these are placeholders and the actual URLs will depend on your YArooms account.

Step 3. Fill Service Provider Details in the Google App
Back in the Google App, the dialog should now be at step 4. Fill in the fields as follows:

    • ACS URL: Paste the value from the ACS (Consumer) URL field from YArooms Application details.
    • Entity ID: Paste the URL of your YArooms domain. E.g. https://mycompany.yarooms.com/
    • Name ID: Basic Information, Primary Email
    • Name ID Format: EMAIL

Save and move to Attribute Mapping.

Step 4. Map Attributes in the Google App
Define the next value set for mapped attributes:

    • FirstName - Basic Information - First Name
    • LastName - Basic Information - Last Name

Save the Application.
In Google Admin, navigate to Apps -> SAML Apps. Turn the App on and configure the user settings accordingly.

Step 5. Fix the SAML Endpoint in YArooms Connection Settings
To get the valid SAML Endpoint for the newly created Google SAML App, go to Google Admin. Open the Google App menu and look for the YArooms SAML application previously created.
Right-click (or Control-click on Mac) and select Copy Link Address. Go to the YArooms Connection tab and paste the link in the SAML Endpoint field. It should look like https://accounts.google.com/o/saml2/initsso?idpid=C012abcde&spid=123456789012&forceauthn=false
Save the Connection settings. Go to the Application details tab and activate the YArooms SAML 2.0 Integration.
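
Before activating the integration, the values typed into the two consoles can be cross-checked, for example to catch a placeholder left in the SAML Endpoint field from Step 2. The script below is an added example, not YArooms or Google code; the function name, the ACS path and the assumption that the Google Entity ID carries the same idpid as the endpoint are illustrative.

```python
from urllib.parse import urlsplit, parse_qs

GOOGLE_HOST = "accounts.google.com"   # host shown in the page's example endpoint
INITSSO_PATH = "/o/saml2/initsso"     # path shown in the page's example endpoint


def _idpid(url):
    """Return the single idpid query value of a URL, or None."""
    values = parse_qs(urlsplit(url).query).get("idpid", [])
    return values[0] if len(values) == 1 else None


def check_connection(issuer_url, saml_endpoint, acs_url, sp_entity_id):
    """Return a list of problems found in the values entered in both consoles."""
    problems = []
    ep = urlsplit(saml_endpoint)
    if ep.scheme != "https" or ep.hostname != GOOGLE_HOST:
        problems.append("SAML Endpoint is not an https://accounts.google.com URL")
    if ep.path != INITSSO_PATH:
        problems.append("SAML Endpoint is not the initsso link from Step 5")
    params = parse_qs(ep.query)
    for name in ("idpid", "spid"):
        if len(params.get(name, [])) != 1:
            problems.append(f"SAML Endpoint lacks a single {name} parameter")
    # Assumption: the Entity ID pasted as Issuer URL carries the same idpid.
    if _idpid(issuer_url) is None or _idpid(issuer_url) != _idpid(saml_endpoint):
        problems.append("idpid differs between Issuer URL and SAML Endpoint")
    acs, sp = urlsplit(acs_url), urlsplit(sp_entity_id)
    if acs.scheme != "https" or sp.scheme != "https":
        problems.append("ACS URL and Entity ID must both use https")
    if acs.hostname is None or acs.hostname != sp.hostname:
        problems.append("ACS URL host differs from the YArooms Entity ID host")
    return problems


# Constructed sample values, modelled on the placeholders shown on this page.
ISSUER = "https://accounts.google.com/o/saml2?idpid=C012abcde"
ENDPOINT = ("https://accounts.google.com/o/saml2/initsso"
            "?idpid=C012abcde&spid=123456789012&forceauthn=false")
ACS = "https://mycompany.yarooms.com/saml/acs"   # hypothetical ACS path
SP = "https://mycompany.yarooms.com/"

if __name__ == "__main__":
    for line in check_connection(ISSUER, ENDPOINT, ACS, SP) or ["no problems found"]:
        print(line)
```

An empty result means the four values are mutually consistent; it does not validate the X.509 certificate or the attribute mapping.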

 

Note: Proper user provisioning and assignment in G Suite are not topics covered by this tutorial which assumes you already know how to configure G Suite options that are specific to how your organisation sets up its users. The assignment of access for users to the newly configured YArooms app is one of these topics.

 
