Using Google custom SAML App as an Identity Provider (IdP) for Azion
The Google Identity Provider (IdP) is a trusted entity that allows you to enable single sign-on to access other sites or services, such as Azion. Your users can continue using their corporate user identities without having to remember a specific password or enter credentials each time they access Azion’s platform.
To set up a Google custom SAML app as your account IdP for Azion, follow the next steps.
Configuring the SAML app on Google Admin
-
Access Google Admin Console.
-
Go to the upper-left corner of the page, and in the dropdown menu, select Apps > Web and mobile apps.
-
Click Add App > Add custom SAML app.
-
On the App Details page:
- Type a name for the app you’re creating.
- Click Continue.
-
On the Google Identity Provider details page, copy the SSO URL and Entity ID and download the Certificate. You’ll need this information on Azion’s platform.
Configuring the Identity Provider on Azion
- Access Azion Console.
- On the upper-right corner of the page, select the avatar menu. This is the Account menu.
- Select SSO Management.
- Click the Add Identity Provider button and select SAML.
- On the Identity Provider page, choose a name that identifies your Identity Provider. Example:
Google IdP
. - Fill in the following fields with the data copied from Google Admin:
- Identity provider’s Entity ID URI.
- Sign-in URL.
- Certificate. It must include the —-BEGIN CERTIFICATE—- and —-END CERTIFICATE—- parts.
- Click Save. You’ll be redirected to the list of identity providers, where you can view all the providers created in your account.
- Access Real-Time Manager (RTM).
- On the upper-right corner of the page, select the avatar menu. This is the Account menu.
- Select SSO Management.
- Click the Add Identity Provider button and select SAML.
- On the Identity Provider page, choose a name that identifies your Identity Provider. Example:
Google IdP
. - Fill in the following fields with the data copied from Google Admin:
- Identity provider’s Entity ID URI.
- Sign-in URL.
- Certificate. It must include the —-BEGIN CERTIFICATE—- and —-END CERTIFICATE—- parts.
- Click Save. You’ll be redirected to the list of identity providers, where you can view all the providers created in your account.
Completing the registration of the app on Google Admin
-
On the SSO Management page of Azion Console:
- Find the box of your recently created identity provider.
- Click the context menu, represented by three dots > Edit.
-
On the Identity Provider page you’ll need to copy the following information to finish the configuration on Google Admin:
- Assertion Consumer Service URL.
- Service Provider’s Entity ID URI.
- Sign-in URL.
-
On Google Admin, access the Service Provider Details of the app you’ve created and provide the following information:
- In the ACS URL field, paste the Assertion Consumer Service URL you’ve copied from Console.
- In the Entity ID field, paste the Service Provider’s Entity ID URI you’ve copied from Console.
- In the Start URL field, paste the Sign-in URL you’ve copied from Console (optional field).
-
Check the Signed Response box.
-
In the Name ID format field, select the option UNSPECIFIED.
-
In the Name ID field, select the option Basic Information > Primary email.
-
Click Continue.
-
On the Attribute mapping page, click Add Another Mapping.
-
In the Google Directory attributes field, select Basic Information > Primary email.
-
In the App Attributes field, set the string email.
-
Click Finish.
-
On the SSO Management page of RTM:
- Find the box of your recently created identity provider.
- Click the context menu, represented by three dots > Edit.
-
On the Identity Provider page you’ll need to copy the following information to finish the configuration on Google Admin:
- Assertion Consumer Service URL.
- Service Provider’s Entity ID URI.
- Sign-in URL.
-
On Google Admin, access the Service Provider Details of the app you’ve created and provide the following information:
- In the ACS URL field, paste the Assertion Consumer Service URL you’ve copied from RTM.
- In the Entity ID field, paste the Service Provider’s Entity ID URI you’ve copied from RTM.
- In the Start URL field, paste the Sign-in URL you’ve copied from RTM (optional field).
-
Check the Signed Response box.
-
In the Name ID format field, select the option UNSPECIFIED.
-
In the Name ID field, select the option Basic Information > Primary email.
-
Click Continue.
-
On the Attribute mapping page, click Add Another Mapping.
-
In the Google Directory attributes field, select Basic Information > Primary email.
-
In the App Attributes field, set the string email.
-
Click Finish.
Turning on the Google custom SAML app
After setting the service provider details:
- Go back to Google Admin Console.
- Go to the upper-left corner of the page, and in the dropdown menu, select Apps > Web and mobile apps.
- Select the SAML app you’ve just created.
- Click User access and then click On for everyone to turn the service on for everyone in your organization. If you want to turn the app off, click Off for everyone.
- Click Save.
Turning on the Identity Provider on Azion
- Back on Console, access the SSO Management page.
- On the box of the Identity Provider you’ve added, click Activate and turn on identity Origin and then click Confirm.
Now all the users of the account, except for the Account Owner will be able to access Console using Google as the Identity Provider.
- Back on RTM, access the SSO Management page.
- On the box of the Identity Provider you’ve added, click Activate and turn on identity Origin and then click Confirm.
Now all the users of the account, except for the Account Owner will be able to access RTM using Google as the Identity Provider.