Google SAML Configuration

system

Introduction

This article outlines the information you need and the steps to take to configure Google to use the LogonBox SAML Identity Provider. Once configured, your users will be redirected to your LogonBox Server to authenticate.

 

Step 1 - Create the Resource from the Template

Log into your server as admin and navigate to Identity Services->SAML. Select Search Templates, select the Google SAML template, and click Next.

You will be asked for your Google domain name. Enter the primary domain name of your Google account, for example 'logonbox.com'.

 

Click Next and you should be presented with this article.

 

Step 2 - Download SAML metadata

You will need a couple of things from your server in order to configure Google. First you will need to download the SAML metadata.

In the table of SAML resources locate the Google resource, and click the options icon to activate the dropdown. Select Download Metadata; this is an XML file that contains information about the Identity Provider and its access points.

 


Next, navigate to Configuration->Certificates and locate the SAML RSA certificate. Again using the options icon to activate the dropdown, select Download Certificate.

 

Before proceeding to the next step, open the XML file containing the metadata that was downloaded above and locate the logon and logoff service URLs. These are located towards the end of the document and will look like:

https://demo.logonbox.com/app/api/sso/logon/123456

https://demo.logonbox.com/app/api/sso/logoff/123456

Copy each URL in full, as these will be entered into the Google settings.
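As an added example (not part of the original article and not LogonBox's own code), the following Python reads the downloaded metadata, extracts the logon and logoff URLs, confirms both are HTTPS on your server's host name, and checks that the certificate file you are about to upload to Google matches the signing certificate in the metadata. It assumes standard SAML 2.0 metadata element names, a PEM-encoded certificate download, and that the metadata carries a KeyDescriptor; the function names are hypothetical and the sample XML and certificate bytes are constructed.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata (not real LogonBox output); the certificate bytes are dummy.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://demo.logonbox.com/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQtZHVtbXktY2VydA==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://demo.logonbox.com/app/api/sso/logoff/123456"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://demo.logonbox.com/app/api/sso/logon/123456"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def pem_to_der(pem_text):
    """Strip the PEM armour lines and decode the base64 body to DER bytes."""
    body = "".join(l for l in pem_text.splitlines() if l and not l.startswith("-----"))
    return base64.b64decode(body)


def check_metadata(xml_text, expected_host, cert_pem=None):
    """Return (urls, match): logon/logoff URLs and whether cert_pem equals the metadata cert."""
    root = ET.fromstring(xml_text)
    idp = root.find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    urls = {}
    for key, tag in (("logon", "SingleSignOnService"), ("logoff", "SingleLogoutService")):
        el = idp.find(f"md:{tag}", NS)
        if el is None:
            raise ValueError(f"metadata has no {tag}")
        parsed = urlparse(el.get("Location", ""))
        # Refuse a URL that would send users to plain HTTP or to a different host.
        if parsed.scheme != "https" or parsed.hostname != expected_host:
            raise ValueError(f"{tag} Location is not https on {expected_host}")
        urls[key] = el.get("Location")
    cert_el = idp.find(".//ds:X509Certificate", NS)
    match = None  # stays None when there is nothing to compare
    if cert_pem is not None and cert_el is not None:
        match = base64.b64decode("".join(cert_el.text.split())) == pem_to_der(cert_pem)
    return urls, match
```

A result of False for the certificate comparison means the file you downloaded is not the certificate the metadata advertises, so resolve that before uploading it to Google.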

 

Step 3 - Configure Google

Once you have set up the SAML resource on your server, log into your Google account as Administrator so that you can configure Google Security to use a third-party Identity Provider.

First, once logged in, select Manage this Domain in the dropdown menu.

 

This will take you to the Admin Console at admin.google.com, where you will need to select the Security section.

 

In the Security section, select the Set up single sign-on (SSO) option.

 

You will now have a couple of options. You want to configure the second option, so check the box Setup SSO with third party identity provider.

 

In the Sign-in page URL and Change password URL settings, enter the logon URL we extracted from the metadata XML document earlier.

In the Sign-out page URL setting, enter the logoff URL we extracted.

Click Save Changes to commit the settings.

Finally, whilst still on the same page, click the Replace certificate link in the Verification certificate setting, select the SAML RSA certificate we downloaded from your server earlier, and click UPLOAD.

 

Step 4 - Final Checks

One final step before you start using your Google resource: ensure that you have assigned some Roles to it so that it is available for users to use.

Edit the SAML resource.

 

Go to the Assignment tab and add in Users, Groups, or Roles. Use the default Everyone Role if you wish all users to be able to access this resource.

Click Update.

 

 

In addition, each user account's email address must match their Google logon email, as this is the primary link between accounts.

Once access is assigned, log out of Google and then access LogonBox as a user with the rights to use the new resource.

 

In My Resources->Browser Resources click the launch icon to access Google.