Setting SSO with Google

Modified on Tue, 18 Apr, 2023 at 4:12 PM

Log in to your Google admin console. There click the small arrow next to the “Apps” menu item on the left side panel, on the expanded menu click the “Web and mobile apps” item.


On the “Web and mobile apps” page click on the “Add app” button and from the presented menu select the “Add custom SAML app“ option.


On the “Add custom SAML app” page, give your app a meaningful name (e.g. tgndataSSO) and click the continue button on the right bottom of your screen.




On the next page copy and store for later usage the “SSO URL”, “Entity ID” and “Certificate” values, by clicking the little copy icon that exists on their right. When finished click the “Continue” button.






On another tab of your browser go to the tgndata console, log in if you are not logged in,
click the little human icon on the top right corner and select the “User Managment” item of the menu that poped up.



You will be redirected to the User Management page, there click the SSO edit button (the one with the small edit icon) to open the SSO edit dialog.



On the “SSO settings” modal select the “Identity Provider” tab.
There paste the “Entity ID” from Google to the “Identity Provider ID” field, the “SSO URL” from Google to the “Single Sign On endpoint” field, and finally paste the “Certificate” value from Google to the “Certificate” field.


 

Then select the “Service Provider” tab, there copy the
“Service Provider ID” and “Assertion Consumer Service” values cause you will need them for the next step.



Go back to the “Google” tab, there add from the copied values from the previous step the “Service Provider ID” value as the “Entity ID” and the “Assertion Consumer Service” value as the “ACS”.
Make sure that the “Name ID” is on “Basic Information > Primary email” and “Name ID Format” is “EMAIL”. Then click the “Continue” button at the bottom of your screen.



Optionally (and advanced), on the next page, if you want to limit access to the tgndata platform based on a specific claim’s attributes value (e.g.Department) then make sure you add that mapping, give an “App attributes” name to it (e.g. department) and make sure you copy that name for later usage. Click the “Finish” button at the bottom of your screen.

 

Go back to the tgndata console tab and on the “SSO settings” modal select the “Identity Provider” tab.

There If you want to limit access to the tgndata platform based on a specific claim’s value (e.g. Department) then check the “Restrict for groups” checkbox, put on the “Attribute Name”
 field the name value of the claim you copied earlier from Google (e.g. department) and on the “Allowed values” field put the possible source values that the claim should be allowed to have.

Click the “SSO” switch to be enabled and then click the “Save” button on the bottom part of the modal.

 


Congratulations, you have successfully enabled SSO with your Google

 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article