SSO for GSuite
In this section, you will find the steps to use cidaas as an extension to GSuite by configuring an SSO setup.
If you are in this section, we assume you are already using GSuite and would like to connect cidaas with your GSuite instance!
The overall process is:
- Activate the SAML provider option in your cidaas application
- Get the metadata from cidaas
- Configure SSO in the GSuite admin console
- Verify your configuration
How to configure cidaas as an extension
By configuring cidaas as an extension for GSuite, you can login to GSuite services with your cidaas credentials.
We will guide you through the process — it is quite easy!
Activate SAML provider
You need to activate SAML in your cidaas application, because GSuite's integration of an external Identity Provider is based on SAML.
In this section, we explain how to enable the SAML IDP Provider for your cidaas application and how to add your GSuite domain to the SP metadata of your cidaas application.
If you don't have any active application in your cidaas account and want to create a new one, refer to the "Steps to create cidaas app" section below.
Steps to activate SAML settings
1. In the edit-mode of your cidaas application, scroll down to the bottom and select Enterprise Provider. Then click on SAML Settings.
2. Click on Enable SAML IDP Provider button.
3. Once enabled, SAML settings options will appear. Click on Save button to save your configuration.
4. Now you need to add the SP Metadata in SAML Settings.
Enter the following specification in the SP Metadata field.
<?xml version="1.0" encoding="UTF-8" ?>
<EntityDescriptor entityID="google.com/a/<YOUR_DOMAIN>" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.google.com/a/<YOUR_DOMAIN>/acs"></AssertionConsumerService>
  </SPSSODescriptor>
</EntityDescriptor>
Replace <YOUR_DOMAIN> (in both the entityID and the AssertionConsumerService Location) with the domain defined in G Suite.
Click on the Save button to update the changes.
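The SP metadata above is a template with the G Suite domain substituted in two places, and a mismatch between the entityID and the ACS Location (or a placeholder left behind) is the usual reason the SAML exchange fails later. The following Python script is an added example, not cidaas or Google code: it renders the page's template for a given domain and checks a pasted metadata document for exactly those mistakes. The domain "example.com" is a constructed sample.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 namespace and constant URIs used by the SP metadata template on this page
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def md(tag: str) -> str:
    """Qualify a tag name with the SAML metadata namespace (ElementTree syntax)."""
    return f"{{{MD_NS}}}{tag}"


def build_gsuite_sp_metadata(domain: str) -> str:
    """Render the SP metadata for a G Suite domain, following the page's template.

    The domain is inserted into both the entityID and the ACS Location from the
    same variable, so the two cannot get out of step.
    """
    domain = domain.strip().lower()
    if not domain or any(ch in domain for ch in "/<> ") or "." not in domain:
        raise ValueError(f"not a usable domain name: {domain!r}")
    ET.register_namespace("", MD_NS)  # emit xmlns="..." as the default namespace
    root = ET.Element(md("EntityDescriptor"), {"entityID": f"google.com/a/{domain}"})
    sp = ET.SubElement(root, md("SPSSODescriptor"),
                       {"protocolSupportEnumeration": SAML2_PROTOCOL})
    ET.SubElement(sp, md("NameIDFormat")).text = NAMEID_UNSPECIFIED
    ET.SubElement(sp, md("AssertionConsumerService"), {
        "index": "1",
        "Binding": HTTP_POST_BINDING,
        "Location": f"https://www.google.com/a/{domain}/acs",
    })
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")


def check_gsuite_sp_metadata(xml_text: str, domain: str) -> dict:
    """Parse SP metadata and confirm it points at the expected G Suite domain.

    Returns the extracted values, or raises ValueError on the mistakes that are
    easy to make when pasting the template: placeholder left in place, wrong
    domain, ACS endpoint that is not the HTTPS HTTP-POST endpoint.
    """
    root = ET.fromstring(xml_text)
    if root.tag != md("EntityDescriptor"):
        raise ValueError("root element is not a SAML EntityDescriptor")
    entity_id = root.get("entityID", "")
    acs = root.find(f"{md('SPSSODescriptor')}/{md('AssertionConsumerService')}")
    name_id = root.findtext(f"{md('SPSSODescriptor')}/{md('NameIDFormat')}")
    if acs is None:
        raise ValueError("no AssertionConsumerService element")
    location = acs.get("Location", "")
    if "YOUR_DOMAIN" in entity_id or "YOUR_DOMAIN" in location:
        raise ValueError("placeholder YOUR_DOMAIN was not replaced")
    if entity_id != f"google.com/a/{domain}":
        raise ValueError(f"entityID {entity_id!r} does not match domain {domain!r}")
    if location != f"https://www.google.com/a/{domain}/acs":
        raise ValueError(f"unexpected ACS Location {location!r}")
    if acs.get("Binding") != HTTP_POST_BINDING:
        raise ValueError("ACS Binding must be HTTP-POST")
    return {"entity_id": entity_id, "acs_location": location, "name_id_format": name_id}


if __name__ == "__main__":
    sample = build_gsuite_sp_metadata("example.com")  # constructed sample domain
    print(sample)
    print(check_gsuite_sp_metadata(sample, "example.com"))
```

Run the script with your own domain in place of the sample to get a document you can paste into the SP Metadata field, or feed the field's current content to check_gsuite_sp_metadata to confirm it still matches the domain you intend.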
Get MetaData from cidaas
To configure GSuite, you need to upload your signing certificate, so the first step is to download it from cidaas.
Here you will find the steps to download the signing certificate of your cidaas application along with the login and logout URLs.
Steps to get MetaData from cidaas
1. Click on View SAML button.
2. The following screen will appear. Click on Download signing certificate.
3. Collect the Login and Logout URL of cidaas.
You will find the required URLs if you click on the View SAML button, which is right next to SAML Meta Data URL.
You will get an XML file like the one appearing below.
In that file, look for the content of the following tags:
i. SingleSignOnService > Location
ii. SingleLogoutService > Location
These give you the values for the login and logout URLs.
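Reading the login URL, logout URL and signing certificate out of the metadata XML by hand is error-prone, and the certificate is what G Suite will use to verify the signature on every assertion, so it pays to pick up the one marked for signing use. The Python script below is an added example, not cidaas code; it parses a constructed sample IdP metadata document (the entityID, URLs and certificate body are placeholders) and returns the three values the steps above ask for, with the certificate rewrapped as PEM so it can be saved and uploaded.

```python
import textwrap
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample of a SAML IdP metadata document. The entityID, the URLs
# and the certificate body are placeholders, not real cidaas values.
SAMPLE_IDP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  entityID="https://idp.example.invalid/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>
          MIIBexampleCERTIFICATEbodyPLACEHOLDER00000000000000000000000000000000
          0000000000000000000000000000000000000000000000000000000000000000==
        </ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://idp.example.invalid/saml/logout"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://idp.example.invalid/saml/login"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def extract_idp_settings(xml_text: str) -> dict:
    """Return login URL, logout URL and signing certificate (PEM) from IdP metadata.

    Mirrors the manual steps on this page: SingleSignOnService > Location and
    SingleLogoutService > Location, plus the X509Certificate from the
    KeyDescriptor that is usable for signing.
    """
    root = ET.fromstring(xml_text)
    idp = root.find(f"{{{MD_NS}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def location(tag: str) -> str:
        el = idp.find(f"{{{MD_NS}}}{tag}")
        if el is None or not el.get("Location"):
            raise ValueError(f"{tag} Location missing")
        url = el.get("Location")
        if not url.startswith("https://"):
            raise ValueError(f"{tag} Location is not HTTPS: {url}")
        return url

    # A KeyDescriptor without a use attribute is valid for both signing and
    # encryption; one marked use="encryption" must not be uploaded as the
    # signing certificate.
    cert_b64 = None
    for kd in idp.findall(f"{{{MD_NS}}}KeyDescriptor"):
        if kd.get("use", "signing") != "signing":
            continue
        cert_b64 = kd.findtext(
            f"{{{DS_NS}}}KeyInfo/{{{DS_NS}}}X509Data/{{{DS_NS}}}X509Certificate")
        if cert_b64:
            break
    if not cert_b64:
        raise ValueError("no signing certificate in metadata")
    body = "".join(cert_b64.split())  # drop the whitespace inside the element
    pem = ("-----BEGIN CERTIFICATE-----\n"
           + "\n".join(textwrap.wrap(body, 64))
           + "\n-----END CERTIFICATE-----\n")

    return {
        "login_url": location("SingleSignOnService"),
        "logout_url": location("SingleLogoutService"),
        "signing_certificate_pem": pem,
    }


if __name__ == "__main__":
    settings = extract_idp_settings(SAMPLE_IDP_METADATA)
    print("Login URL :", settings["login_url"])
    print("Logout URL:", settings["logout_url"])
    print(settings["signing_certificate_pem"])
```

To use it on the real file, read the XML downloaded from View SAML into extract_idp_settings and write signing_certificate_pem to a .pem file; that file and the two URLs are what the GSuite admin console asks for in the next section.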
Configure SSO in GSuite Admin console
Now you need to add the cidaas signing certificate to the security section of your GSuite admin console. In this section, you will find the steps to upload the signing certificate and to add the login and logout URLs provided by cidaas to your GSuite admin console.
Steps to configure GSuite admin console
1. Navigate to the G Suite admin console. Select Security from the side menu and then select the Settings submenu.
Select Set up single sign-on (SSO) with a third party IdP.
2. Upload the signing certificate and enter the Login and Logout URL here, which you got from your cidaas application.
3. Scroll down and click on Save button to update your changes.
Congratulations! We are now done with the setup!
Verifying your Configuration
You can now verify the configuration made in your GSuite admin console.
1. Access your service through gsuiteservice.google.com/a/yourdomain.com (Find more information here)
2. You will be redirected to the cidaas Login UI.
3. Use any of the previously configured authentication methods of cidaas to log in.
Steps to create cidaas app
In order to get the signing certificate and the login and logout URLs, you need to create an "App" in cidaas. This section provides the steps to create an "App" using the cidaas administration interface, which is available after you sign up with cidaas.
1. Navigate to cidaas Administrator dashboard -> Apps -> App Settings.
2. Click on Create New App button.
3. Enter app name and then select App type as Single Page.
4. Under App Settings, select 'email', 'openid', 'profile' as Scopes.
5. Fill out all required information and click on Save button.