Use Google as your Identity Provider
Overview
After enabling Onum as a service provider, you can set up Google as an identity provider for SAML. You need to create a SAML app in your Google Admin Console in order to register your Callback URL and Entity ID so Google can send SAML responses to the right place.
Set up your custom SAML app
To activate Google as an identity provider for SAML authorization, you need a Google administrator account.
Log in to your Google Admin Console. In the left menu, go to Apps > Web and mobile apps.
Click Add App > Add custom SAML app. Enter a name for the app (e.g., MyApp SAML SSO) and optionally, upload an app icon. Click Continue.
On the Google Identity Provider details page, you'll see the setup information you’ll need to enter in Onum:
SSO URL
Entity ID
Certificate
Copy or download all three, then click Continue.
Now access Onum and go to the Authentication area in your Admin menu. Once there, click the Configure Single-Sign-On button and select SAML in the Authentication method field. Enter the following in the fields that appear:
IdP Entity ID
Enter the Entity ID you copied in your Google Admin Console.
Single Sign-On URL
Enter the SSO URL you copied in your Google Admin Console.
Certificates
Paste the Certificate you downloaded in your Google Admin Console.
Now click Save. You'll be given a Callback URL.
Go back to your Google Admin Console. In the Service Provider Details window, enter the following:
ACS URL*
Enter the Callback URL you got in Onum. This is the endpoint in your app that receives SAML responses.
Entity ID*
The unique identifier for your app. Enter the same Callback URL here.
Start URL
Optionally, you can set a URL to redirect to after authentication.
Signed response
Check this option to indicate that your service provider requires the entire SAML authentication response to be signed. If this is unchecked (the default option), only the assertion within the response is signed.
Name ID format/value
Optionally, set a Name ID format and Name ID value for your custom SAML app. The default Name ID is the primary email.
Click Continue.
If needed, click Add mapping to map user attributes based on the service provider’s requirements, or enter group names that are relevant for this app.
Click Finish when done.
Turn on your SAML app
By default, the new SAML app is OFF for everyone. To activate it:
Log in to your Google Admin Console. In the left menu, go to Apps > Web and mobile apps.
Select your SAML app and click User access.
To turn a service on or off for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
Changes can take up to 24 hours, but typically happen more quickly.
Done! Google is now your identity provider for Onum.
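To confirm that the Service Provider Details took effect, the following added example (not part of the Onum or Google documentation) inspects a decoded SAML response and reports whether the Response, the Assertion, or both carry a signature, and whether Destination and Audience match the Callback URL. The sample response and the callback URL https://onum.example/saml/callback are constructed placeholders; the script checks signature placement only and does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: a decoded SAML response trimmed to the fields checked here.
# The callback URL is a placeholder and the signature body is elided.
CALLBACK_URL = "https://onum.example/saml/callback"
SAMPLE_RESPONSE = f"""\
<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_r1" Destination="{CALLBACK_URL}">
  <saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo/></ds:Signature>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>{CALLBACK_URL}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def inspect_response(xml_text, callback_url):
    """Report signature placement and whether Destination/Audience match."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    return {
        # A ds:Signature directly under Response means "Signed response" is checked.
        "response_signed": root.find("ds:Signature", NS) is not None,
        # With the default (unchecked), only the Assertion carries a signature.
        "assertion_signed": assertion is not None
        and assertion.find("ds:Signature", NS) is not None,
        # ACS URL in Google must equal the Callback URL given by Onum.
        "destination_ok": root.get("Destination") == callback_url,
        # Entity ID in Google was set to the same Callback URL.
        "audience_ok": callback_url in audiences,
    }


if __name__ == "__main__":
    for check, result in inspect_response(SAMPLE_RESPONSE, CALLBACK_URL).items():
        print(f"{check}: {result}")
```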