Configuring Single Sign-On for Google Workspace (formerly G Suite)

The need for single sign-on

With the advent of cloud technology, almost every organization uses multiple cloud apps to ease their business processes. Storing data on the cloud or accessing cloud applications for IT management is common. However, this development comes at a price. With numerous applications, employees have to remember different passwords, which is a daunting task. What if there was a comprehensive solution that offered users the capability to access all their cloud accounts with a single credential?

Introducing ADSelfService Plus—with its single sign-on (SSO) feature, administrators can allow end users to access all their SAML cloud app accounts such as Google Workspace with their Active Directory credentials and save them the trouble of having to remember a myriad of passwords. Let us look at how to configure SSO for Google Workspace (formerly G Suite and Google Apps) using ADSelfService Plus.

Prerequisites

1. Log in to ADSelfService Plus as an administrator.
2. Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select G Suite from the applications displayed.
   Note: You can also find the Google Workspace application that you need from the search bar located in the left pane, or the navigation option in the right pane.
3. Click IdP details in the top-right corner of the screen.
4. In the pop-up that appears, copy the Login URL and Logout URL and download the SSO certificate by clicking the Download Certificate link.

   

G Suite configuration steps

1. Log in to Google Workspace with administrator credentials.
2. Select Setup Single Sign-On (SSO) from the Security tab.

   

3. Under Sign-in page URL, enter the URL for signing in to your system and Google Workspace apps (refer to Step 4 of Prerequisites).
4. Under Sign-out page URL, enter the URL users should be redirected to when they sign out (refer to Step 4 of Prerequisites).
5. Upload the verification certificate (refer to Step 4 of Prerequisites).

   

ADSelfService Plus configuration steps

1. Log in to the ADSelfService Plus web console with administrator credentials.
2. Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application.
3. Click on G Suite. You will be presented with the Google Workspace configuration page.

   

4. Enter the Application Name and Description.
5. Enter the Domain Name of your Google Workspace account. For example, if you use johndoe@thinktodaytech.com to log in to G Suite, then thinktodaytech.com is the domain name.
6. In the Assign Policies field, select the policies for which SSO needs to be enabled.
   Note: ADSelfService Plus allows you to create OU- and group-based policies for your Active Directory domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
7. Select the SAML tab.
8. Select Enable Single Sign-On.
9. Click Add Application.

   

Your users can now sign in to Google Workspace through ADSelfService Plus.

After this configuration, when users try to access Google Workspace, they will be redirected to the ADSelfService Plus server, which authenticates their accounts with either Active Directory or Windows credentials. Once they are authenticated, they will automatically be logged in to Google Workspace through SSO.