Pricing

Articles in this section

Configure Google G Suite as a SAML IdP

  • Updated:

This article will walk you through configuring Google G Suite to be your SAML Identity Provider within HelloID. This is useful if your organization uses Google G Suite as a primary source of authentication to access online services. This will allow your organization's users to log into HelloID and other cloud applications with their Google username and password.

Configure the Google IdP

  1. Log in to your G Suite admin console and select Apps.
    Google_Apps_IDP_1.png
  2. Select SAML Apps
    Google_Apps_IDP_2.png
  3. Click Add a service/App to your domain
    Google_Apps_IDP_3.png
  4. Select in the pop-up the option Setup my own custom app
    Google_Apps_IDP_4.png
  5. A screen will appear with the Google IdP information which is needed to set up the provider in HelloID. Minimize this screen until step 10.
    Google_Apps_IDP_5.png
  6. In the HelloID Administrator Dashboard, create a new certificate for the connection with G Suite. Learn about creating certificates here.
  7. Navigate to Security > Authentication > Identity Providers and click Add Provider. This will bring up the Identity Provider Catalog.
    add_provider.png
  8. Find the SAML - Generic IdP and click the Add button next to it.
  9. Enter a Name and select an Icon (optional). Turn on the Enable JIT toggle (just-in-time provisioning) if you would like new HelloID accounts to be automatically created the first time users log in via G Suite. When JIT is on, you do not need to manually create HelloID accounts in advance. Make note of the Consumer URL. Click on the Configuration tab.
  10. Enter or make note the following information. All other fields may remain at their default value. View a complete configuration reference here.
    • Login URL: Copy SSO URL from the Google IdP configuration, which you minimized in step 5.
    • Request Certificate: Select the certificate that you created in step 6.
    • Logout URL: https://accounts.google.com/logout
      Google_Apps_IDP_9.png
  11. Click Save to save the IdP configuration in HelloID. You may configure other optional settings on the Configuration tab as desired.
  12. Back in the browser with the Google SAML App, click Next.
    Google_Apps_IDP_10.png
  13. Enter a name for the Custom App (description and logo are optional) and click Next.
    Google_Apps_IDP_11.png
  14. Use the Consumer URL and Issuer (steps 9 and 10) in the Service Provider Details screen and click Next.
    • ACS URL: Consumer URL
    • Entity ID: Issuer
    • Signed Response: Enable
    • Name ID Format: Email
      Google_Apps_IDP_12.png
  15. Click Add New Mapping.
    Google_Apps_IDP_14.png
  16. Add the following mappings and click Finish.
    1. Email, Basic Information, Primary Email
    2. Firstname, Basic Information. First Name
    3. Lastname, Basic Information,Last Name
      Google_Apps_IDP_15.png

  17. The SAML application for HelloID has been configured. Press OK to continue.
    Google_Apps_IDP_16.png
  18. Now the application needs to be turned on by clicking the dots top right of the screen and select ON for everyone.
    Google_Apps_IDP_17.png
  19. Select Turn on for everyone.
    Google_Apps_IDP_18.png
  20. The configuration is finished. It can now be tested. Go to your HelloID portal and log in with the G Suite IdP. The login will be routed to the Google login page.
    Google_Apps_IDP_19.png
  21. Once authenticated through Google, the user will be logged into HelloID with their Google account.
    Google_Apps_IDP_20.png
  22. As a final step, you may want to edit HelloID's user attribute mapping configuration. See Mapping - Overview and Edit a mapping set.
Was this article helpful?
0 out of 0 found this helpful
Please visit our website for more information about HelloID (identity as a service).
Return to top