This article will walk you through configuring Google G Suite to be your SAML Identity Provider within HelloID. This is useful if your organization uses Google G Suite as a primary source of authentication to access online services. This will allow your organization's users to log into HelloID and other cloud applications with their Google username and password.
Configure the Google IdP
1. Log in to your G Suite admin console and select Apps.
2. Select SAML Apps.
3. Click Add a service/App to your domain.
4. In the pop-up, select the option Setup my own custom app.
5. A screen will appear with the Google IdP information, which is needed to set up the provider in HelloID. Minimize this screen until step 10.
6. In the HelloID Administrator Dashboard, create a new certificate for the connection with G Suite. Learn about creating certificates here.
7. Navigate to Security > Authentication > Identity Providers and click Add Provider. This will bring up the Identity Provider Catalog.
8. Find the SAML - Generic IdP and click the Add button next to it.
9. Enter a Name and select an Icon (optional). Turn on the Enable JIT toggle (just-in-time provisioning) if you would like new HelloID accounts to be automatically created the first time users log in via G Suite. When JIT is on, you do not need to manually create HelloID accounts in advance. Make note of the Consumer URL. Click on the Configuration tab.
10. Enter or make note of the following information. All other fields may remain at their default value. View a complete configuration reference here.
    - Login URL: Copy the SSO URL from the Google IdP configuration, which you minimized in step 5.
    - Request Certificate: Select the certificate that you created in step 6.
    - Logout URL: https://accounts.google.com/logout
11. Click Save to save the IdP configuration in HelloID. You may configure other optional settings on the Configuration tab as desired.
12. Back in the browser with the Google SAML App, click Next.
13. Enter a name for the Custom App (description and logo are optional) and click Next.
14. Use the Consumer URL and Issuer (steps 9 and 10) in the Service Provider Details screen and click Next.
    - ACS URL: Consumer URL
    - Entity ID: Issuer
    - Signed Response: Enable
    - Name ID Format: Email
15. Click ADD NEW MAPPING.
16. Add the following mappings and click Finish.
    - Email, Basic Information, Primary Email
    - Firstname, Basic Information, First Name
    - Lastname, Basic Information, Last Name
17. The SAML application for HelloID has been configured. Press OK to continue.
18. Turn the application on by clicking the dots at the top right of the screen and selecting ON for everyone.
19. Select Turn on for everyone.
20. The configuration is finished and can now be tested. Go to your HelloID portal and log in with the G Suite IdP. The login will be routed to the Google login page.
21. Once authenticated through Google, the user will be logged into HelloID with their Google account.
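If the test login fails, it helps to compare a decoded SAML response (for example, one copied from a browser SAML tracing tool during the test) against the Service Provider Details and mappings entered above. The script below is an added example, not HelloID or Google code; the URLs, function names, and sample response are constructed placeholders, and the check is structural only.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"Email", "Firstname", "Lastname"}  # mapping names from the steps
ACS = "https://portal.example.com/sso/acs"   # placeholder Consumer URL (assumption)
ISSUER = "https://portal.example.com"        # placeholder Issuer (assumption)

def check_response(xml_text, consumer_url, issuer):
    """List mismatches between a decoded SAML response and the settings above.
    Structural check only: it does not verify the signature cryptographically."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != consumer_url:
        problems.append("Destination does not match the Consumer URL (ACS URL)")
    # A signed response carries ds:Signature as a direct child of samlp:Response;
    # a signature found only inside the assertion does not count here.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response element is not signed")
    audience = root.find(".//saml:AudienceRestriction/saml:Audience", NS)
    if audience is None or (audience.text or "").strip() != issuer:
        problems.append("Audience does not match the Issuer (Entity ID)")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not Email")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for missing in sorted(REQUIRED_ATTRS - names):
        problems.append("Missing attribute mapping: " + missing)
    return problems

def sample_response(signed=True, attrs=("Email", "Firstname", "Lastname")):
    """Build a constructed sample response (not captured from Google)."""
    sig = "<ds:Signature/>" if signed else ""
    attr_xml = "".join('<saml:Attribute Name="%s"/>' % a for a in attrs)
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" '
            'Destination="%s">%s<saml:Assertion><saml:Subject>'
            '<saml:NameID Format="%s">user@example.com</saml:NameID></saml:Subject>'
            '<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s'
            '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            '<saml:AttributeStatement>%s</saml:AttributeStatement>'
            '</saml:Assertion></samlp:Response>'
            ) % (NS["samlp"], NS["saml"], NS["ds"], ACS, sig,
                 EMAIL_FORMAT, ISSUER, attr_xml)

if __name__ == "__main__":
    for label, doc in [("as configured", sample_response()),
                       ("response signing off", sample_response(signed=False))]:
        print(label, "->", check_response(doc, ACS, ISSUER) or "OK")
```

An empty result means the response layout matches the configuration; signature validity is still verified by HelloID against the IdP certificate.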