Google SAML Configuration

Introduction

This article outlines the information and steps you need to take in order to configure Google to use the Hypersocket SAML Identity Provider. Once configured your users will be redirected to your Hypersocket Server to authenticate. 

 

Step 1 - Create the Resource from the Template

Log into your server as admin and navigate to Single Sign On -> SAML. Select Search Templates and select the Google template and click Next.

You will be asked for your Google domain name. Enter the primary domain name of your Google account, for example 'hypersocket.com'

 Click Next and you should be presented with this article.

 

Step 2 - Download SAML metadata

You will need a couple of things from your server in order to configure Google. First you will need to download the SAML metadata.

In the table of SAML resources locate the Google resource, and click the options icon  to activate the dropdown. Select Download Metadata; this is an XML file that contains information about the Identity Provider and its access points.


Next, navigate to Configuration->Certificates and locate the SAML RSA certificate. Again using the options icon  to activate the dropdown, select Download Certificate

 

 

Before proceeding to the next step, open the XML file containing the metadata and locate the logon and logoff service URLs. These are located towards the end of the document and will look like

https://demo.hypersocket.com/hypersocket/api/sso/logon/123456

https://demo.hypersocket.com/hypersocket/api/sso/logoff/123456

Copy the entire URL as these will be entered into the Google settings.

 

Step 3 - Configure Google

Once you have setup the SAML resource on your server you will now need to log into your Google account as Administrator so that you can configure Google Security to use a third party Identity Provider.

First, once logged in, select Manage this Domain in the dropdown menu

This will take you to the Admin Console, where you will need to select the Security section.

 

In the Security section select the Set up single sign-on (SSO) option

 

 

You will now have a couple of options. You want to configure Option 2 so check the box Setup SSO with third party identity provider

 

In the Sign-in page URL and Change password URL settings, enter the logon URL we extracted from the metadata XML document earlier.

In the Sign-out page URL setting, enter the logoff URL we extracted.

Click Save Changes to commit the settings.

Finally, whilst still on the same page, click the Replace certificate link in the Verification certificate setting and upload the SAML RSA certificate we downloaded from your server earlier.

 

Step 4 - Final Checks

One final step before you start using your Google resource, ensure that you have assigned some Roles to it so that its available for users to use. 

In addition, each user's email address must match their Google logon email as this is the primary link between accounts.

Once access is assigned log out of Google and then access Hypersocket as a user with the rights to use the new resource. In Browser Resources section under My Resources click the launch icon  to access Google.

Have more questions? Submit a request

Comments