The Google Single Sign-On Integration provides a secure authentication method that leverages managed Google account credentials.
(Note: If you are editing your existing configuration, you must disable the integration to be able to edit.)
Requirements
- Google G-Suite is required.
- G-Suite Admin access is required to configure the integration.
- The Create and Edit Integration privileges are required in Addigy to configure the Google Single Sign-on integration.
- Please ensure that you are using the same email address that's associated with your Addigy account.
Setting up the Integration
To set up the integration, start from the G-Suite Admin Console (admin.google.com) and go to Apps > Web and Mobile Apps.
1. Click Add App.
2. Click custom SAML app. Then add App details and App Icon.
3. Get the setup information needed by copying the SSO URL and downloading the Certificate. (You will need both in the Addigy Google SSO Integration window.)
4. In a separate browser tab or window, sign in to your Addigy console (app.addigy.com), navigate to the Account > Integrations page, and enter the information from the Google Custom SAML app and press Update.
5. Click Continue in Google.
6. In the Service Provider Details window, enter the ACS URL and Entity ID. Both values are provided in your Addigy environment in Account > Integrations > Login Options > Google SSO.
7. Click Continue.
8. Click Add mapping and enter the following attributes: First Name, Last Name, and Primary Email using the Basic Information drop-down attribute and match them with the App Attributes listed below:
Note - You must set up the mappings exactly as shown.
9. Click Finish.
10. Make sure the app is not set to "OFF for everyone". If it is, click the text and configure it to the desired setting.
Note: To assign roles automatically when users are created, create a Role attribute and tie it to a user attribute in Google that holds "Power", "Admin", "User" or an "addigy_user_role_id". Using a role requires the attribute `addigy_role` with the appropriate value of "Power", "Admin", "User", or a Custom Identifier, as shown below.
You can find these user role IDs in the Account -> Users page, on the users' table.
Using the Addigy Google SSO Integration
Once you set up the Google SSO Integration within Addigy and enable it for specific Organizational Units in Google Suite, you will see the icon labeled Continue with Google (SSO) on your custom login page. You can find this URL on Account > Settings or by typing subdomain.addigy.com.
When you click the button Continue with Google (SSO), you will be directed to your Addigy Web Interface and prompted for the Google Suite account that you would like to use to log in.
After selecting your specific Google account, you should be logged into Addigy directly.
Note: If the user does not exist in Addigy, one will be provisioned using Just-In-Time Provisioning with the `User` role, if a custom role identifier is not defined in the User Attributes.
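Because the role is taken from a Google user attribute, anyone who can edit that attribute in Google can set a user's Addigy role. The following Python check is an added example, not Addigy code: it reads a SAML assertion you captured yourself and reports which role the `addigy_role` rule described above would yield. The sample assertion, the exact-match comparison, the "elevated" set and the use of the first value when several are present are assumptions.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 assertion namespace.
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BUILT_IN_ROLES = {"Power", "Admin", "User"}  # values named on this page
ELEVATED = {"Power", "Admin"}                # assumption: roles worth a manual review
DEFAULT_ROLE = "User"                        # JIT default stated on this page

# Constructed sample: the attribute statement of a decoded assertion.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="addigy_role">
      <saml:AttributeValue>Admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def role_values(assertion_xml):
    """Return every value carried by the addigy_role attribute."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == "addigy_role":
            for v in attr.iterfind("saml:AttributeValue", SAML_NS):
                values.append((v.text or "").strip())
    return values

def review_role(assertion_xml):
    """Return (expected_role, findings) for one assertion."""
    # Audit aid only: no signature check, so use it on your own captures.
    values = [v for v in role_values(assertion_xml) if v]
    if not values:
        return DEFAULT_ROLE, ["no addigy_role attribute: JIT default applies"]
    findings = []
    if len(values) > 1:
        findings.append("multiple addigy_role values: result is ambiguous")
    role = values[0]  # assumption: the first value is the one that counts
    if role in ELEVATED:
        findings.append(f"elevated role '{role}' granted from a Google attribute")
    elif role not in BUILT_IN_ROLES:
        findings.append(f"'{role}' treated as custom role ID: confirm it in Account > Users")
    return role, findings

if __name__ == "__main__":
    print(review_role(SAMPLE))
```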
Additional Notes
- The integration should only be enabled for Organizational Units in Google Suite that should have access to the Addigy Web Platform.
- Users will be able to log in to the Addigy Web Platform using the Google SSO and Basic Authentication if both are enabled.
- If Basic Authentication is disabled, users will automatically be redirected to the SAML Assertion and will not see the normal login page to choose which option to log in with.
- Users will be provisioned automatically if they do not exist in the Addigy Web Platform and will inherit the 'user' role, unless modified or disabled under the SSO Option.
Reference: https://support.google.com/a/answer/6087519