Single Sign On (SSO) for Google Workspace with Identity

September 25, 2024

Single Sign-On (SSO) enables users to authenticate once and access multiple services without needing separate credentials for each one. For organizations using Google Workspace, integrating Identity as an Identity Provider (IdP) centralizes user authentication, simplifies access control, and enhances security.

This guide will walk you through the steps to configure Identity as the Identity Provider for Google Workspace, allowing your users to log in seamlessly using Identity.

Prerequisites

Before starting, ensure you have:

  • Admin access to both Google Workspace and Identity.
  • Familiarity with SAML, the protocol used for this integration.

Step 1: Access the Identity Provider Server Profile
  • Log in to the Identity Admin Console
    • Access the Identity Admin Console using your admin credentials.
  • View Identity Provider Server Profile
    • Navigate to "Idp Server Profile" under "SAML 2.0". This page contains the essential configuration details needed to set up Google Workspace as a service provider.
    • Keep the page accessible as you will need the values shown (such as SSO URL, Entity ID, and X.509 certificate) to configure Google Workspace to use Identity as the Identity Provider.

Step 2: Configuring Google Workspace for SSO

Now, you’ll configure Google Workspace to recognize Identity as its Identity Provider.

  • Log in to the Google Admin Console
    • Open the Google Admin Console at admin.google.com using your administrator credentials.
  • Navigate to Security Settings
    • From the main dashboard, go to Security > Authentication > SSO with third party IdP.
  • Third-party SSO profile for your organization
    • Check "Set up SSO with third-party identity provider"
    • Enter the Sign-in page URL (e.g. https://identity.celusion.dev/app/saml/login).
    • Enter the Sign-out page URL (e.g. https://identity.celusion.dev/app/saml/logout).
    • Upload the X.509 certificate downloaded from Identity. This secures communication between Google Workspace and Identity.
    • Check "Use a domain specific issuer". If the option is selected, the Entity ID / Issuer passed during a SAML request will be google.com/a/celusion.com. If it is not selected, the Entity ID / Issuer passed will be google.com.
  • Save Changes

After entering all the necessary details, click Save to apply the SSO settings. Other optional configurations are available, for example to improve the user experience or to create multiple SAML profiles to support multiple IdPs.

Step 3: Configure Google Workspace as the Service Provider

Once Google Workspace is configured, return to Identity to set it up as the Service Provider.

  • Log in to the Identity Admin Console
    • Access the Identity Admin Console using your admin credentials.
  • Create a New Service Provider
    • Navigate to the "Service Providers" section under "SAML 2.0" and click on "New Service Provider."
  • Enter Google Workspace Configuration Details
    • Name: A friendly name shown when displaying the service provider (e.g., Google).
    • Entity ID: This is the unique identifier for your Google Workspace instance, which you will find in the Google Workspace SSO settings. (e.g. google.com/a/celusion.com)
    • Assertion Consumer URI: This is the URL where Google Workspace will receive authentication responses. You can find this URL in your Google Workspace account under the SSO settings. (e.g. https://www.google.com/a/celusion.com/acs)
  • Save the New Service Provider
    • Once all details are entered, save the new service provider.

Log out of Identity

Log out of Identity. This is required to ensure that a login prompt is shown when testing SSO from Google Workspace. If you do not log out, Google Workspace will attempt the SSO with the current administrative user logged in to Identity.

Step 4: Test Your Integration

With the setup complete, it's time to test the integration.

  • Test User Login
    • Attempt to log in to Google Workspace (e.g. https://mail.google.com/a/celusion.com) with a test user. You should be redirected to the Identity login page, where users will authenticate.
    • After entering your test user credentials and successfully authenticating on Identity, you will be redirected to the Google Workspace application.
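If the test login fails, a common cause is a mismatch between the Issuer or ACS URL that Google Workspace sends and the values registered in Step 3. The following is an added example, not code from Identity or Google: it decodes the SAMLRequest parameter from the redirect to the sign-in URL and compares it with the page's example values. It assumes the HTTP-Redirect binding (Base64 of raw DEFLATE) and that the request carries AssertionConsumerServiceURL; the function names and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_ENTITY_ID = "google.com/a/celusion.com"  # Step 3 values (page examples)
EXPECTED_ACS = "https://www.google.com/a/celusion.com/acs"


def decode_authn_request(redirect_url):
    """Return (issuer, acs_url) from a SAML HTTP-Redirect binding URL."""
    raw = base64.b64decode(parse_qs(urlsplit(redirect_url).query)["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # raw DEFLATE, no zlib header
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    return issuer, root.get("AssertionConsumerServiceURL", "")


def check_request(redirect_url):
    """List mismatches between the request and the Step 3 registration."""
    issuer, acs = decode_authn_request(redirect_url)
    problems = []
    if issuer == "google.com":
        problems.append('"Use a domain specific issuer" is not checked')
    elif issuer != EXPECTED_ENTITY_ID:
        problems.append(f"unexpected issuer: {issuer!r}")
    if acs != EXPECTED_ACS:
        problems.append(f"unexpected ACS URL: {acs!r}")
    return problems


def build_sample_url(issuer):
    """Constructed sample: a minimal AuthnRequest in redirect-binding form."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" Version="2.0" '
           'ID="_constructed1" AssertionConsumerServiceURL="%s">'
           "<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>"
           % (NS["samlp"], NS["saml"], EXPECTED_ACS, issuer)).encode()
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml) + comp.flush()
    qs = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://identity.celusion.dev/app/saml/login?" + qs


if __name__ == "__main__":
    for name in (EXPECTED_ENTITY_ID, "google.com"):
        print(name, "->", check_request(build_sample_url(name)) or "OK")
```

To check a real sign-in attempt, pass the full redirect URL copied from the browser's address bar to check_request.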

Video Tutorial

We've also created a comprehensive video tutorial on YouTube that walks you through the entire SSO setup process for Google Workspace using Identity as the Identity Provider. Watch it here to see each step in action!

Conclusion

By following these steps, you’ve successfully configured Identity as the Identity Provider for Google Workspace. This integration simplifies user authentication, improves security, and provides a seamless login experience for your organization. Testing the setup ensures that everything works
