Enable SSO for Google Workspace

A. Add Google Workspace (SSO) Application in Zaperon

A.1 . In the Admin Dashboard, click Application >Add Application.

A.2. Click on Google Workspace from application catalog.

A.3. Enter details in SAML Settings and click Next.

A.4 . In Attribute Mapping tab, select in SAML Attribute Format value as Email Address and User Attribute value as Business Email for Name ID SAML Attribute and click Submit. A new custom attribute can be created by clicking on Add Custom Attributes button.

A.5 . In Single Sign-on Configuration popup will appear. Copy Sign-in URL, Sign-out URL and download certificate. These will be used later to configure admin console of Google Workspace. Follow instructions in section B.

A.6. You’ll see Google Workspace app has been added to application table.

B. Configure admin console of Google Workspace

B.1. After logging to your Google Workspace admin console, go to Security >Authentication >SSO with Third-party IdP. Click Add SAML Profile to add Third-party SSO profile for your organization.

B.2. Enter SSO Profile name and click Save.

B.3 Copy Entity ID from SP details section and paste in IDP Entity ID field of IDP details section.

B.4 Then copy ACS URL and paste in Single sign on (SSO) URL field of Zaperon admin console. Refer section A.3.

B.5 Copy and paste Sign-in page URL & Sign-out page URL from section A.5. Also, upload certificate that was downloaded in section A.5. Click Save.

This will enable SSO for Google Workspace from Zaperon for the users in the organization. In case SSO is to be enabled only for few users, follow steps in section C.

C. Enable partial SSO in Google Workspace

C.1. Go to Directory >Organizational Units and select Create organizational unit.

C.2. Enter name and description of the organizational unit and Click Create.

C.3. New Organizational Unit will appear in the list.

C.4. Go to Users and select users for whom you want to enable SSO. Change their organizational unit by clicking

More options >Change organizational unit.

C.5. Select organizational unit in the popup and click Continue.

C.6. Confirm in the next popup by clicking Change.

C.7. Selected users have been assigned to the new organizational unit. You can check by clicking Users from selected organizational units and select the new organizational unit. You will see users added to this unit.

C.8. Go to Security >Authentication > SSO with third-party IdP. In the section Manage SSO profile assignments click MANAGE.

C.9. Select the new organizational unit from the menu and then select desired SSO Profile from the dropdown menu. Select option to have Google prompt for username and click Save.

Google Sites

Report abuse