The Google Single Sign-On Integration allows a secure authentication method that leverages managed Google account credentials. When enabling this integration, it enforces and requires all user logins to the Addigy console from a Google Suite (G-Suite) app interface.
TABLE OF CONTENTS
(note: If you are editing your existing configuration, you must disable the integration to be able to edit!)
- Google G-Suite is required.
- G-Suite Admin access is required to configure the integration.
- The Create and Edit Integration privileges are required in Addigy to configure the Google Single Sign-on integration.
- Please ensure that you are using the same email address that's associated with your Addigy account.
Setting up the Integration
To set up the integration, start from the G-Suite Admin Console (admin.google.com) and go to Apps > SAML Apps.
1. Click Add at bottom right.
2. Click Set up my own custom app. The Google IDP Information window opens and the SSO URL and Entity ID fields automatically populate.
3. Get the setup information needed by copying the SSO URL and Entity ID URL and download the Certificate. (You will need this in the Addigy Google SSO Integration window)
4. In a separate browser tab or window, sign in to your Addigy console (prod.addigy.com), navigate to the Support > Integrations page, and enter the information from the Google custom app.
5. Click Next.
6. In the Basic information window, add an application name (e.g. Addigy SSO) and description for the Addigy Login:
7. (Optional) Download from the Addigy Google SSO Integration the Addigy icon (256px) file to serve as an icon for your custom app which can be uploaded into Google Suite SAML App configuration.
8. Click Next.
9. In the Service Provider Details window, enter an ACS URL and Entity ID. These values are all provided by your Addigy environment in Support > Integrations > Google SSO:
10 Click Next.
11. Click Add new mapping and enter the following attributes: First Name, Last Name, and Email using the Basic Information drop down attribute.
12. In the drop-down list, select the Category and User attributes to map the attribute from the Google profile.
The mappings must match the below image exactly, including capitalization.
13. Click Finish.
Note: If you are looking to automatically assign roles upon creation, you can make a Role attribute and tie it to a user attribute in Google that holds a "Power", "Admin", "User" or "addigy_user_role_id"
You can find these user roles IDs in the Account -> Users page, on the users' table.
Using the Addigy Google SSO Integration
Once you Setup the Google SSO Integration within Addigy and enable it for specific Organizational Units in Google Suite, you will see the Addigy integration icon labeled Google SSO.
When you click the Addigy integration icon Google SSO Integration icon, you will be directed to your Addigy Web Interface and prompted for your Google Suite account that you would like to leverage to login.
After selecting your specific Google account, you should be logged into Addigy directly.
Note: If the user does not exist in Addigy, one will be provisioned.
- The integration should only be enabled for Organizational Units in Google Suite that should have access to the Addigy Web Platform
- Users will only be able to login to the Addigy Web Platform using the Google SSO integration.
- Users will not be able to login through the normal Portal Interface.
- Users who do not have a Google Identity login under the same domain will not be able to login
- Users will be provisioned automatically if they do not exist in the Addigy Web Platform and will inherit the 'user' role