Configure Single Sign-On for G-Suite

To integrate G-Suite with Securden, you need to follow these steps:

Pre-requisite

You need a super administrator account to proceed.

  1. Open the Google Admin console.
  2. From the admin console home page, go to Apps >> Web and Mobile Apps.
  3. Click Add App >> Add Custom SAML app.
  4. On the App Details page:
    • Enter the name of the custom app (here Securden).
    • Upload an app icon (Optional). The app icon appears on the web and mobile apps list, the app settings page, and the app launcher. If you don't upload an icon, an icon is created using the first two letters of the app name.
  5. Click Continue.
  6. On the Google Identity Provider details page, get the setup information needed by the service provider using one of these options:
    • Download the IDP metadata.
    • Copy the SSO URL and Entity ID and download the Certificate (or SHA-256 fingerprint, if needed).
  7. (Optional) In a separate browser tab or window, sign in to your service provider and enter the information you copied into the appropriate SSO configuration page, then return to the Admin console.
  8. Click Continue.
  9. In the Service Provider Details window, enter an ACS URL, Entity ID, and Start URL (if needed) for your custom app. These values are all provided by the service provider.

    Note: The ACS URL has to start with https://

  10. The default Name ID is the primary email. Multi-value input is not supported.
  11. Click Continue.
  12. Under Google Directory Attributes, click the Select Field menu to choose a field name. Then, enter the corresponding attribute for your custom SAML app under App Attributes.
  13. Click Finish.
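
A check for steps 6 and 9, added here as an example and not part of the original guide or of Securden's code: it reads the downloaded IdP metadata, derives the Entity ID, SSO URL and certificate SHA-256 fingerprint, lists any value pasted into the service provider that differs, and checks that the ACS URL uses https://. The function names, the idp.example.test URLs and the placeholder certificate bytes are assumptions constructed for the example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample: placeholder bytes stand in for the certificate; idp.example.test is made up.
PLACEHOLDER_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://idp.example.test/saml?idpid=PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}">
      <ds:X509Data><ds:X509Certificate>
        {base64.b64encode(PLACEHOLDER_DER).decode()}
      </ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.test/saml/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Extract the step 6 values: Entity ID, SSO URL, certificate SHA-256 fingerprint."""
    root = ET.fromstring(xml_text)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find("md:IDPSSODescriptor/md:KeyDescriptor/ds:KeyInfo"
                     "/ds:X509Data/ds:X509Certificate", NS)
    if sso is None or cert is None or not (cert.text or "").strip():
        raise ValueError("metadata lacks an SSO URL or a certificate")
    der = base64.b64decode("".join(cert.text.split()))  # drop line breaks in the base64 body
    digest = hashlib.sha256(der).hexdigest().upper()
    return {"entity_id": root.get("entityID"),
            "sso_url": sso.get("Location"),
            "sha256_fingerprint": ":".join(digest[i:i + 2] for i in range(0, 64, 2))}


def mismatches(from_metadata, pasted):
    """Names of step 6 values whose pasted copy differs from the metadata."""
    def norm(key, value):
        value = (value or "").strip()
        return value.replace(":", "").upper() if key == "sha256_fingerprint" else value
    return [k for k in from_metadata if norm(k, pasted.get(k)) != norm(k, from_metadata[k])]


def acs_url_ok(acs_url):
    """Step 9 note: the ACS URL has to start with https:// (and name a host)."""
    parts = urlparse(acs_url.strip())
    return parts.scheme == "https" and bool(parts.hostname)
```

An empty list from `mismatches` means the values entered at the service provider agree with the metadata file; any name it returns should be re-copied before continuing.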

Turn on your SAML App

  1. Click User Access.
  2. To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
  3. To turn a service on or off for an organizational unit (Optional):
    • At the left, select the organizational unit.
    • Select On or Off.
    • Click Override to keep your setting if the service for the parent organizational unit is changed.
    • If Overridden is already set for the organizational unit, choose an option:
      • Inherit — Reverts to the same setting as its parent.
      • Save — Saves your new setting (even if the parent setting changes).
  4. To turn on a service for a set of users across or within organizational units, select an access group.
  5. Ensure that the email addresses your users use to sign in to the SAML app match the email addresses they use to sign in to your Google domain.