SSO Configuration with SAML (Single Sign-On)

 

1 – In Google Workspace, go to Apps > Web and mobile apps

2 – Select Add app > Add custom SAML app


 

3 – Fill in the following data: 

  • App name: OnePlatform (Suggested name)
  • Description: (Optional) 
  • App Icon: (Optional) OnePlatform Icon 



 
Click CONTINUE

4 – Copy the Entity ID and download the Certificate. Click CONTINUE



5 – Open OnePlatform in a new tab, click on Settings Organization



6 – Select the Single Sign-On tab



7 – Fill in the Sign In URL field with the Entity ID copied in step “4” and select the downloaded Certificate file



8 – Copy the following data obtained from OnePlatform:
  • ACS URL
  • Entity ID


9 – Paste the copied data into the corresponding fields in Workspace, as shown in the image below.


10 – Choose the format you want for the app name (First name, Last name or Primary e-mail) and click CONTINUE


11 – Open the created app and click on User Access



12 – Enable access for Workspace users to use this app. Users who are enabled will be able to log in to OnePlatform

  • If you want to release it to all Workspace users, select ON for everyone and click SAVE


 

  • If you prefer to limit access to a specific group in your workspace, click on Group, select the desired group, then activate the ON switch and click SAVE

 

13 – Wait until the App created to access OnePlatform appears. This may take a few minutes 


 

 

Configuration for user synchronization on OnePlatform

 

1 – Open Google Cloud, open the menu using the three bars in the top left corner, and select IAM & Admin > Service Accounts


 

2 – Click Create Service Account 


 

3 – Fill in the fields with the following data, click Create and Continue, then click Done

  • Service Account Name: Oneplatform SSO  (Suggested name)
  • Description: (Optional)

4 – Open the created service account and select the KEYS tab, click ADD KEY and then Create new key

5 – Select the key type as JSON, click CREATE.

***Store the downloaded JSON key file in a safe place

6 – Select the Details tab and click on Advanced settings

7 – Write down the Client ID, as it will be used in future steps

8 – In your Workspace Administrator panel, in the left menu, select Security > Data and access control > API Controls

9 – Click on MANAGE DOMAIN WIDE DELEGATION 

10 – Click on Add new 

11 – In the Client ID field, fill in the value noted in step “7”

12 – In the OAuth scopes field, enter each of the following values on its own line (add each link separately; after each one is added, the field for the next one appears):

  • https://www.googleapis.com/auth/admin.directory.group.readonly -> View groups on your domain
  • https://www.googleapis.com/auth/admin.directory.group.member.readonly -> View group subscriptions on your domain
  • https://www.googleapis.com/auth/admin.directory.user.readonly -> View information about users in your domain

***If you want to check the level of access you are allowing, access the link

13 – Click on AUTHORIZE

14 – Open the Google Cloud Console and, in the left menu, go to APIs & Services > Library

15 – Search for Admin SDK API

16 – Click on Enable 

17 – Return to the SSO settings screen on OnePlatform and fill in the fields:

  • Workspace admin e-mail -> email with admin access to the workspace
  • E-mail of group to sync users -> e-mail of the group configured to synchronize users with OnePlatform (if you selected activate for the entire workspace, use a group that contains all users)

18 – Further down in Credentials File, select the JSON saved with the keys created in step “5”, clicking on SELECT FILE

19 – Click on SAVE INTEGRATION and it is configured.
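
A pre-flight check for the key file from step “5”, the Client ID from step “7” and the scopes from step “12”, added here as an example and not part of OnePlatform's or Google's own tooling. It assumes POSIX file permissions and that the key file's client_id field holds the Client ID shown under Advanced settings; the sample key and its values are constructed placeholders.

```python
import json
import os
import tempfile

EXPECTED_SCOPES = {  # the three read-only scopes listed in step 12
    "https://www.googleapis.com/auth/admin.directory.group.readonly",
    "https://www.googleapis.com/auth/admin.directory.group.member.readonly",
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
}


def check_key_file(path, noted_client_id):
    """Return a list of problems found in a service account JSON key file."""
    problems = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:  # any group/other permission bit is set
        problems.append(f"key file mode {mode:o} grants access beyond its owner")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    if key.get("client_id") != noted_client_id:  # assumed to match step 7
        problems.append("client_id differs from the Client ID noted in step 7")
    return problems


def check_scopes(entered):
    """Compare the scopes entered for domain-wide delegation with step 12."""
    entered = {s.strip() for s in entered if s.strip()}
    return {
        "missing": sorted(EXPECTED_SCOPES - entered),
        "unexpected": sorted(entered - EXPECTED_SCOPES),
        "not_readonly": sorted(s for s in entered if not s.endswith(".readonly")),
    }


def demo():
    # Constructed sample: every value is a placeholder, not a real credential.
    sample = {"type": "service_account", "client_id": "100000000000000000001",
              "client_email": "sso@example.invalid", "private_key": "PLACEHOLDER"}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        results = []
        for mode in (0o644, 0o600):  # world-readable, then owner-only
            os.chmod(path, mode)
            results.append(check_key_file(path, sample["client_id"]))
    return results
```

Run check_key_file before uploading the file in step “18”, and check_scopes against the list pasted into the delegation dialog before clicking AUTHORIZE.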
