Steps to configure SAML SSO for Google Workspace
About Google Workspace
Google Workspace is a comprehensive suite of productivity and collaboration tools, including popular applications like Gmail, Calendar, Drive, and Meet, designed to enhance teamwork and efficiency for businesses of all sizes.
The following steps will help you enable single sign-on (SSO) for Google Workspace from Identity360.
Prerequisites
- The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications. For more information, refer to pricing details.
- Log in to Identity360 as an Admin or Super Admin.
- Navigate to Applications > Application Integration > Create New Application, and select Google Workspace from the applications displayed.
Note: You can also find Google Workspace from the search bar located at the top.
- Under the General Settings tab, enter the Application Name and Description.
- Under the Choose Capabilities tab, choose SSO and click Continue.
General Settings of SSO configuration for Google Workspace
- Under Integration Settings, navigate to the Single Sign On tab, click Metadata Details.
- Copy the Login URL and Logout URL, and download the SSO certificate by clicking Download from the Signing Certificate field. These details will be used during the configuration of Google Workspace.
Integration Settings of SSO configuration for Google Workspace
Google Workspace (service provider) configuration steps
- Log in to Google Workspace with admin's credentials.
- Navigate to Security > Authentication > SSO with third party IdPs > click ADD SAML PROFILE.
Portal view of Google Workspace
- Navigate to the bottom and click the Legacy SSO profile hyperlink to configure a legacy SSO profile.
SAML SSO settings in Google Workspace
- In the new Legacy SSO profile pane, check Enable legacy SSO profile.
- In the Sign-in page URL field, paste the Login URL value copied in step seven of the prerequisites.
- In the Sign-out page URL field, paste the Logout URL value copied in step seven of the prerequisites.
- In the Verification certificate field, upload the signing certificate file downloaded in step seven of the prerequisites.
- Click Save.
Configuration of legacy SSO in Google Workspace
- Choose a legacy SSO profile and its associated IdP. Go to SSO with third-party IdP and click MANAGE to assign the SSO profile.
SSO profile management view in Google Workspace
- From the SSO profile assignment drop-down, select the Legacy SSO profile.
- Click Save.
SSO profile assignment in Google Workspace
Identity360 (identity provider) configuration steps
- Switch to Identity360's application configuration page.
- In the Domain Name field, enter the domain name of your Google Workspace account. For example, if you use johndoe@google.com to log in to Google Workspace, then google.com is the domain name.
- Enter the Relay State parameter, if necessary. Sample Relay State value: https://www.google.com/a/<DOMAIN_NAME>/ServiceLogin?continue=<SERVICE_INSTANCE_URL>
- Click Save.
Integration Settings of SSO configuration for Google Workspace
- To assign this application to specific users, refer to this page.
Your users should now be able to sign in to Google Workspace through the Identity360 portal.
Note: For Google Workspace, both SP-initiated and IdP-initiated flows are supported.
Steps to enable MFA for Google Workspace
Setting up MFA for Google Workspace using Identity360 involves the following steps:
- Set up one or more authenticators for identity verification when users attempt to log in to Google Workspace. Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
- Integrate Google Workspace with Identity360 by configuring SSO using the steps listed here.
- Now, activate MFA for Google Workspace by following the steps mentioned here.
How does MFA for applications work in Identity360?
