Configuring SAML for Google Apps

Create a SAML App in Google

From the admin area of your Google Apps account click on Apps.

Click on SAML apps

Click on "Add a service/App to your domain"

Click "Setup My Own Custom App"

Copy URL and Download Certificate

From the Google IdP Information screen do the following:

  1. Copy the SSO URL to the clipboard.
  2. Click the Download button next to Certificate to download a PEM file. You will upload this file to ScreenSteps in just moment.

Open a new browser window and go to Single Sign-on section in ScreenSteps

Make sure you open a new browser window as you will need to refer to both the ScreenSteps and Google windows.

Go to the Account Management tab in your ScreenSteps account.

Go to Remote Authentication Settings

Select Single Sign-On from the side bar

Select Remote Authentication from the side bar

Create an endpoint

Select Create Single Sign-on Endpoint.

  1. Enter a name for the endpoint.
  2. Make sure the Mode is set to SAML.
  3. Paste the URL that you copied from the Google IdP Information browser window.
  4. Click Create.

Upload the SAML Certificate

Now that you have created a new endpoint you can upload the SAML file that you downloaded previously.

  1. Click on the Upload new SAML Certificate file button. You will be prompted to select a file. Select the .pem file you downloaded from Google. The file should start with GoogleIDPCertificate-.
  1. After selecting the file a new authentication group will be created and will appear in the Group menu.

Copy the SAML Consumer URL to the clipboard.

Finish configuring Google

Return to the Google browser window and click the Next button.

Enter ScreenSteps as the Application Name then click "Next"

Enter Service Provider Details

In the Service Provider Details screen do the following:

  1. Paste the SAML Consumer URL you copied from the ScreenSteps Single Sign-on window into the ACS URL field.
  2. Enter ScreenSteps-Live for the Entity ID.
  3. Set the Name ID to Basic information and Primary Email.
  4. Set the Name ID Format to EMAIL.
  5. Click Next.

Click Finish

You do not need to add any mappings. Click Finish.

Click OK

Turn ScreenSteps SAML app on

Before you can test the SAML integration you will need to turn it on in Google Apps. From the settings page click on the menu to turn it on.

Test using the SAML Test URL

Switch back to the ScreenSteps window and copy the SAML Test URL. Paste it into a new browser window to test your Google SAML integration.

0 Comments

Add your comment

E-Mail me when someone replies to this comment