Single Sign-On (SSO) for Google Workspace with Identity
Single Sign-On (SSO) enables users to authenticate once and access multiple services without needing separate credentials for each one. For organizations using Google Workspace, integrating Identity as an Identity Provider (IdP) centralizes user authentication, simplifies access control, and enhances security.
This guide will walk you through the steps to configure Identity as the Identity Provider for Google Workspace, allowing your users to log in seamlessly using Identity.
Prerequisites
Before starting, ensure you have:
- Admin access to both Google Workspace and Identity.
- Familiarity with SAML, the protocol used for this integration.
Step 1: Access the Identity Provider Server Profile
- Log in to the Identity Admin Console
- Access the Identity Admin Console using your admin credentials.
- View Identity Provider Server Profile
- Navigate to "Idp Server Profile" under "SAML 2.0". This page contains the essential configuration details needed to set up Google Workspace as a service provider.
- Keep the page accessible as you will need the values shown (such as SSO URL, Entity ID, and X.509 certificate) to configure Google Workspace to use Identity as the Identity Provider.
Step 2: Configuring Google Workspace for SSO
Now, you’ll configure Google Workspace to recognize Identity as its Identity Provider.
- Log in to the Google Admin Console
- Open the Google Admin Console at admin.google.com using your administrator credentials.
- Navigate to Security Settings
- From the main dashboard, go to Security > Authentication > SSO with third party IdP.
- Third-party SSO profile for your organization
- Check "Set up SSO with third-party identity provider"
- Enter the Sign-in page URL (e.g. https://identity.celusion.dev/app/saml/login).
- Enter the Sign-out page URL (e.g. https://identity.celusion.dev/app/saml/logout).
- Upload the X.509 certificate downloaded from Identity. Google Workspace uses it to verify the signature on SAML responses issued by Identity.
- Check "Use a domain specific issuer". If the option is selected, the Entity ID / Issuer passed during a SAML request will be google.com/a/celusion.com. If it is not selected, the Entity ID / Issuer passed will be google.com.
- Save Changes
After entering all the necessary details, click Save to apply the SSO settings. Other optional settings are available to improve the user experience or to create multiple SAML profiles that support multiple IdPs.
Step 3: Configure Google Workspace as the Service Provider
Once Google Workspace is configured, return to Identity to set it up as the Service Provider.
- Log in to the Identity Admin Console
- Access the Identity Admin Console using your admin credentials.
- Create a New Service Provider
- Navigate to the "Service Providers" section under "SAML 2.0" and click on "New Service Provider."
- Enter Google Workspace Configuration Details
- Name: Give a friendly name when displaying the service provider (e.g., Google).
- Entity ID: This is the unique identifier for your Google Workspace instance, which you will find in the Google Workspace SSO settings. (e.g. google.com/a/celusion.com)
- Assertion Consumer URI: This is the URL where Google Workspace will receive authentication responses. You can find this URL in your Google Workspace account under the SSO settings. (e.g. https://www.google.com/a/celusion.com/acs)
- Save the New Service Provider
- Once all details are entered, save the new service provider.
Log Out of Identity
Log out of Identity. This is required to ensure that a login prompt is shown when testing SSO from Google Workspace. If you do not log out, Google Workspace will attempt the SSO with the current administrative user logged in to Identity.
Step 4: Test Your Integration
With the setup complete, it's time to test the integration.
- Test User Login
- Attempt to log in to Google Workspace (e.g. https://mail.google.com/a/celusion.com) with a test user. You should be redirected to the Identity login page, where users will authenticate.
- After entering your test user credentials and successfully authenticating on Identity, you will be redirected to the Google Workspace application.
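To confirm that the Entity ID and Assertion Consumer URI entered in Step 3 match what Google Workspace actually sends, the SAMLRequest parameter from the redirect in Step 4 can be decoded and compared. The following is an added example, not code from Identity or Google. It assumes the request uses the HTTP-Redirect binding (base64 over raw DEFLATE); the function names are hypothetical, and the sample request is constructed to show the issuer sent when "Use a domain specific issuer" is left unchecked.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Values entered in Step 3 of this guide.
EXPECTED_ISSUER = "google.com/a/celusion.com"
EXPECTED_ACS = "https://www.google.com/a/celusion.com/acs"

def decode_saml_request(b64_value: str) -> str:
    """Undo HTTP-Redirect encoding: base64, then raw DEFLATE (no zlib header)."""
    raw = base64.b64decode(b64_value, validate=True)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, 64 * 1024)  # cap the inflated size
    if inflater.unconsumed_tail:
        raise ValueError("SAMLRequest larger than 64 KiB after inflate")
    return xml.decode("utf-8")

def check_authn_request(xml: str, issuer: str, acs: str) -> list:
    """Return the mismatches between the request and the Service Provider record."""
    if "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        return [f"not an AuthnRequest: {root.tag}"]
    problems = []
    got_issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    if got_issuer != issuer:
        problems.append(f"Issuer is {got_issuer!r}, expected {issuer!r}")
    got_acs = root.get("AssertionConsumerServiceURL", "")
    if got_acs != acs:
        problems.append(f"ACS is {got_acs!r}, expected {acs!r}")
    return problems

def encode_for_redirect(xml: str) -> str:
    """Encode a constructed sample the way the HTTP-Redirect binding does."""
    deflater = zlib.compressobj(wbits=-15)
    return base64.b64encode(deflater.compress(xml.encode()) + deflater.flush()).decode()

# Constructed sample: issuer is google.com because the domain-specific box is unchecked.
SAMPLE = encode_for_redirect(
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed1" Version="2.0" '
    f'AssertionConsumerServiceURL="{EXPECTED_ACS}">'
    f'<saml:Issuer xmlns:saml="{SAML}">google.com</saml:Issuer></samlp:AuthnRequest>'
)

if __name__ == "__main__":
    print(check_authn_request(decode_saml_request(SAMPLE), EXPECTED_ISSUER, EXPECTED_ACS))
```

URL-decode the SAMLRequest query parameter captured from the browser before passing it to decode_saml_request.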
Video Tutorial
We've also created a comprehensive video tutorial on YouTube that walks you through the entire SSO setup process for Google Workspace using Identity as the Identity Provider. Watch it here to see each step in action!
Conclusion
By following these steps, you’ve successfully configured Identity as the Identity Provider for Google Workspace. This integration simplifies user authentication, improves security, and provides a seamless login experience for your organization. Testing the setup ensures that everything works