Passly can support most Identity Provider (IdP)-initiated web applications that support SAML 2.0. Out of the box, Passly ships with support for G Suite, formerly known as Google Apps.
First, we are going to enable and configure the app in SSO.
- Log into your Passly tenant as an administrator, and browse to SSO Manager.
- Select the Add application icon in the bottom right corner.
In the list, search for "Google" and you will see the application named "Google Apps".
Note: The application may be named Google Apps in the catalog and can simply be renamed once added.
- Check the box to Enable the application and select the Protocol Setup tab.
- Edit the "Assertion Consumer Service URL" to reflect your G Suite domain: https://www.google.com/a/YourGoogleDomain.com/acs
- Edit the "Service Entity ID (issuer)" field to simply be "Google.com".
- Under Advanced Settings, set Signing algorithm to SHA-256 and Fixed relay state to your G Suite domain: https://www.google.com/a/YourGoogleDomain.com/acs
Note: Replace "YourGoogleDomain.com" with your Google Apps Domain.
- Select the "Add Application" link at the bottom right.
- Once added to your list, select once more for further configuration.
- Select the "Permissions" tab and add groups that will have permissions to access this application.
- Select the "Signing and Encryption" tab.
Download a copy of the certificate for your tenant. This certificate file will be imported into the G Suite application itself.
Configuring Google Apps
Note: the following steps for configuring G-Suite can also be found here
- Sign in to the Google Admin console.
- Click Security > Advanced settings.
- Check the Setup SSO with the third-party identity provider box.
- Enter the following URLs to your Passly tenant as outlined below:
Sign-in URL: https://(your tenant).my.passly.com/trust/Launch
Sign-out URL: https://(your tenant).my.passly.com/apps
- Upload the certificate that you downloaded from your tenant using the Choose file and Upload links in the Verification Certificate area.
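Once both sides are configured, the SAMLResponse form value that a test login posts to the ACS URL (base64, HTTP-POST binding) can be compared with the Protocol Setup values above. The script below is an added example, not Passly or Google code: the function names and the example.com domain are hypothetical, the sample response is constructed, and it assumes the Service Entity ID value appears as the assertion's Audience.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"


def check_response(saml_response_b64, google_domain, entity_id="Google.com"):
    """Compare a captured SAMLResponse form value with the Protocol Setup
    values. Inspection only: the signature itself is NOT verified here."""
    acs = f"https://www.google.com/a/{google_domain}/acs"
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} != {acs!r}")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audiences != [entity_id]:  # assumption: entity ID is sent as Audience
        problems.append(f"Audience {audiences!r} != [{entity_id!r}]")
    algs = [m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    if not algs:
        problems.append("no ds:SignatureMethod found (response is unsigned)")
    problems += [f"signature algorithm {a!r} is not RSA-SHA256" for a in algs if a != RSA_SHA256]
    return problems


def sample_response(destination, audience, sig_alg):
    """Constructed minimal sample; a real response carries many more elements."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'xmlns:ds="{NS["ds"]}" Destination="{destination}"><saml:Assertion>'
        f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>'
        f"</ds:SignedInfo></ds:Signature><saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>"
        f"</saml:Conditions></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    good = sample_response("https://www.google.com/a/example.com/acs", "Google.com", RSA_SHA256)
    bad = sample_response("https://www.google.com/a/other.com/acs", "Google.com", RSA_SHA1)
    print(check_response(good, "example.com"))
    print(check_response(bad, "example.com"))
```

An empty list means the Destination, Audience and signature algorithm all match the configured values; a SHA-1 entry indicates the Signing algorithm setting was not changed to SHA-256.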