The Google single sign-on (SSO) Integration enables secure authentication, leveraging managed Google account credentials to access the Addigy portal.
(Note: If you are editing your existing configuration, you must disable the integration to be able to edit.)
Requirements
- Google G-Suite is required.
- G-Suite Admin access is required to configure the integration.
- The Create and Edit Integration privileges are required in Addigy to configure the Google Single Sign-on integration.
- Please ensure that you are using the same email address that's associated with your Addigy account.
Setting up the Integration
1. Starting from the G-Suite Admin Console (admin.google.com), go to Apps > Web and Mobile Apps. Click Add App.
2. Click custom SAML app. Then add App details and App Icon. Click Continue.
3. Get the setup information you need by copying the SSO URL and downloading the Certificate. (You will need both in the Addigy Google SSO Integration window.)
4. In a separate browser tab or window, sign in to your Addigy console (app.addigy.com), navigate to the Account > Integrations > Addigy Add-Ons page. Enable the Google SSO (SAML) tile (under Log In Options) and enter the information from the Google Custom SAML app.
5. Back in the Google Admin Console, click Continue.
6. In the Service Provider Details section, enter an ACS URL and Entity ID. These values are all provided in your Addigy environment in Account > Integrations > Login Options > Google SSO:
7. Click Continue.
8. Click Add mapping and map the following attributes: First Name, Last Name, and Primary Email to the App Attributes listed below:
Note: App attributes are case sensitive. You must set up the mappings exactly as shown.
9. Click Finish.
10. Make sure the app is not set to "OFF for everyone". If it is, click the text and configure it to the desired setting.
Note: If you are looking to automatically assign roles upon creation, you can make a Role attribute and tie it to a user attribute in Google that holds a "Power", "Admin", "User" or "addigy_user_role_id". Using a role requires the attribute `addigy_role` and the appropriate attribute of "Power", "Admin", "User", or Custom Identifier as shown below.
You can find these user role IDs in the Account -> Users page, on the users' table.
Using the Addigy Google SSO Integration
Once you set up the Google SSO Integration within Addigy and enable it for specific Organizational Units in Google Suite, you will see the icon labeled Continue with Google (SSO) on your organization login page. You can find this URL in Account > Settings or by typing subdomain.addigy.com.
When you click the Continue with Google (SSO) button, you will be directed to your Addigy Web Interface and prompted to choose the Google Suite account you would like to use to log in.
After selecting your specific Google account, you should be logged into Addigy directly.
Additional Notes
- The integration should only be enabled for Organizational Units in Google Suite that should have access to the Addigy Web Platform.
- Users will be able to log in to the Addigy Web Platform using the Google SSO and Basic Authentication if both are enabled.
- If Basic Authentication is disabled, users will automatically be redirected to the SAML Assertion and will not see the normal login page to choose which option to log in with.
- If the user does not exist in Addigy and Allow automatic user provisioning is enabled in the Addigy Integration, one will be provisioned using Just-In-Time Provisioning with the `User` role, if a custom role identifier is not defined in the User Attributes.
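A pre-flight check for the `addigy_role` values described in the role Note above and the default `User` role in the last bullet, added here as an example (it is not Addigy or Google tooling). The CSV layout, the sample users and the custom role ID placeholder are constructed, and treating values as exact-match is an assumption, since the page only states that attribute names are case sensitive.

```python
import csv
import io

BUILT_IN_ROLES = {"Power", "Admin", "User"}  # role values named on this page

def audit_role_values(rows, custom_role_ids):
    """Classify each user's planned addigy_role value before SSO is enabled.

    rows: dicts with 'email' and 'addigy_role' keys (constructed export format).
    custom_role_ids: role IDs copied from the Account -> Users page in Addigy.
    """
    allowed = BUILT_IN_ROLES | set(custom_role_ids)
    by_lower = {v.lower(): v for v in allowed}
    findings = []
    for row in rows:
        email = row["email"].strip()
        value = (row.get("addigy_role") or "").strip()
        if not value:
            # Per the page: with no role defined, JIT provisioning assigns User.
            findings.append((email, "default-user", "no value; JIT provisioning assigns User"))
        elif value in allowed:
            # Admin grants are surfaced separately so they get a manual review.
            findings.append((email, "privileged" if value == "Admin" else "ok", value))
        elif value.lower() in by_lower:
            fixed = by_lower[value.lower()]
            findings.append((email, "case-mismatch", f"{value!r} should be {fixed!r}"))
        else:
            findings.append((email, "unknown", f"{value!r} is not a known role or role ID"))
    return findings

# Constructed sample export; emails and the custom role ID are placeholders.
SAMPLE_CSV = """email,addigy_role
alice@example.com,Admin
bob@example.com,admin
carol@example.com,
dave@example.com,custom-role-id-PLACEHOLDER
erin@example.com,Superuser
"""

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

if __name__ == "__main__":
    known_ids = {"custom-role-id-PLACEHOLDER"}
    for email, status, detail in audit_role_values(load_rows(SAMPLE_CSV), known_ids):
        print(f"{status:14} {email:22} {detail}")
```

Run it against an export of the Google user attribute you mapped to `addigy_role` before enabling Allow automatic user provisioning, and resolve every row that is not `ok` or an expected `privileged` entry.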
Reference: https://support.google.com/a/answer/6087519