Google Workspace SAML

This comprehensive guide is designed to assist you in integrating ALMEFY as your Identity Provider (IdP) for Google Workspace, utilising SAML 2.0, enabling Single Sign-On (SSO). We'll walk you through the necessary steps to ensure a seamless and secure setup. Please also refer to the Google Workspace documentation for further details.

Prerequisites

  • Admin access to your ALMEFY Hub at <subdomain>.hub.almefy.com
  • A Google account with access to the Google Admin Console and super admin privileges.

Setup Overview

We try our best to keep these guides updated, but we cannot anticipate when platforms might update their interfaces or change the available options for configuring SSO.

That said, setting up ALMEFY as your IdP generally follows the same steps on all platforms:

  1. Configure Endpoint – Set up the specific details of your endpoint in the ALMEFY Hub.
  2. Configure Platform – Adjust your platform’s settings for compatibility with the ALMEFY endpoint.
  3. Copy Metadata – Transfer the necessary metadata from your platform to the ALMEFY Hub for secure integration.

Each step corresponds to the options in the left column of the ALMEFY Hub interface.
If you find any inconsistencies in this guide, please let us know via our contact form.

Setup

Please note: the steps in the left column of the Endpoint Creation screen in the ALMEFY Hub correspond to the steps in this guide.

Step 1. ALMEFY SSO Endpoint Configuration

  1. Create a new Endpoint in the ALMEFY Hub by clicking the Add Endpoint button in the top right of the Endpoints page.
  2. Select the Google Workspace Preset.
  3. (Optional) Rename the endpoint and the endpoint id if you do not want to use the default.
  4. Press the Generate Certificate & Private Key button or paste your own into the textboxes.
  5. Keep the endpoint configuration options open and continue with Step 2.

Step 2. Google Workspace Configuration

More details can be found in the Google Workspace documentation.

  1. Sign in to your Google Admin console.
  2. In the Admin console, go to Menu > Security > Authentication > SSO with third party IdP.
  3. In Third-party SSO profile for your organization, click Add SSO profile.
  4. Check the Set up SSO with third-party identity provider box.
  5. Enter ALMEFY as the name of the profile.
  6. From the ALMEFY Hub Step 2. section copy the SSO URL and paste it into the Sign-in page URL in the Google settings.
  7. In the ALMEFY Hub, click the Download X.509 Certificate button of the Step 2. section.
  8. Click Upload certificate in the Google settings, select your google_workspace_saml_certificate.crt file, and click Save.
  9. In the SP Details section of the Google Admin Console, copy the ACS URL.
  10. Decide which users should use SSO. Click Manage SSO profile assignments.
  11. Click Get Started or Manage.
  12. On the left, select the organizational unit or group to which you’re assigning the ALMEFY SSO profile.
  13. Choose ALMEFY for the selected OU or group.
  14. Click Save.

More details about the assignments can be found here

Step 3. Copy Workspace Metadata

  1. Navigate back to the ALMEFY Hub Endpoint creation page.
  2. Paste the copied value into the ACS URL field found in the Step 3. section.
  3. Click "Add Endpoint".
  4. You are done!

Test & Troubleshoot

To ensure that ALMEFY has been correctly set up as your Identity Provider (IdP), you can test the login in two ways:

  1. Platform Login Page: Visit Google's login page and check if the ALMEFY Login option is visible and functional by clicking on it and scanning the ALMEFY QR Code with the ALMEFY App.
  2. ALMEFY SSO Page: Go to <subdomain>.sso.almefy.com, sign in with the ALMEFY App, and choose your newly enabled endpoint to test the authentication process.

If you encounter any issues:

  • Review this guide to make sure all steps were followed correctly.
  • Consult the Google Workspace documentation for specific setup and troubleshooting instructions.
  • Try to contact Google support and see if your issue can be resolved.
  • If you still need help, please fill out our contact form for support.
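When a test login fails, one useful check is to compare the SAML response with the ACS URL copied in Step 2. The following Python sketch is an added example, not ALMEFY or Google code: it decodes a captured `SAMLResponse` form value and reports ACS URL mismatches and validity-window problems. It assumes the response is delivered via the HTTP-POST binding and was captured from your own browser's developer tools; the ACS URL and the sample response are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _ts(value):
    # SAML timestamps are UTC; drop fractional seconds and the trailing "Z".
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def check_response(b64_response, expected_acs, now):
    """List configuration problems in a captured SAMLResponse form value.
    Diagnostic only: no signature check; use on responses you captured yourself."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != expected_acs:
        problems.append("Destination does not match the ACS URL")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != expected_acs:
        problems.append("Recipient does not match the ACS URL")
    cond = root.find(".//saml:Conditions", NS)
    if cond is None:
        problems.append("assertion has no Conditions element")
    else:
        if cond.get("NotBefore") and now < _ts(cond.get("NotBefore")):
            problems.append("assertion not yet valid (check clock skew)")
        if cond.get("NotOnOrAfter") and now >= _ts(cond.get("NotOnOrAfter")):
            problems.append("assertion expired")
    if root.find(".//saml:Subject/saml:NameID", NS) is None:
        problems.append("assertion has no NameID")
    return problems

def sample_response(acs):
    # Constructed sample, unsigned, for demonstration only.
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{acs}"><saml:Assertion><saml:Subject>'
           '<saml:NameID>user@example.test</saml:NameID><saml:SubjectConfirmation>'
           f'<saml:SubjectConfirmationData Recipient="{acs}"/>'
           '</saml:SubjectConfirmation></saml:Subject>'
           '<saml:Conditions NotBefore="2024-01-01T12:00:00Z" '
           'NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    acs = "https://sp.example.test/acs"  # placeholder: use the ACS URL copied in Step 2
    at = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    print(check_response(sample_response(acs), acs, at))            # matching ACS URL
    print(check_response(sample_response(acs + "/typo"), acs, at))  # mismatched ACS URL
```

A mismatch reported here usually points back to the value pasted in Step 3; an expiry or not-yet-valid result points to a clock difference between the two systems.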

Conclusion

Congratulations on successfully setting up SAML 2.0 authentication with ALMEFY as your Identity Provider! You are now equipped to offer users a secure and convenient single sign-on experience.