Configure Google Workspace as a Third-Party IdP with SOTI Identity
Before you begin
Set up and verify a domain to use with this Google Workspace IdP connection. Read more at Add Domains.
About this task
If you already have a set of users with Google Workspace, you can configure SOTI Identity to delegate authentication and authorization to Google Workspace rather than recreate an existing set of users and structures.
Note: This procedure includes steps to perform in an external tool and is subject to change without notice.
Procedure
Download SOTI Identity metadata
- In the SOTI Identity Admin Console, open the main menu and select Directories/IDP.
- Select to open the Create Connection dialog box.
- Select SAML Based IdP.
- Select Downloads in the upper right corner of the Configure IdP dialog box and download the Identity Metadata and Identity Certificate to your computer.
Configure Google Workspace as an IdP for SOTI Identity
- Open another browser tab and log into the Google Workspace Admin Console as an administrator.
- Create a custom attribute.
  Google Workspace does not automatically provide membership information in the SAML response. To add membership information to the SAML response, you need to create a custom attribute.
- Optional: Assign values to the custom attribute.
- Still in the Google Workspace Admin Console, in the main menu, select .
- Click the Add button in the bottom right and click Set up my own custom app.
- On the Google IdP Information screen, choose the option to download the IdP metadata. Click Next.
- Enter a name and description for the app. You can also upload a logo. Click Next.
- Fill in the Service Provider Details. You can find this information in the SOTI Identity metadata file you downloaded previously.
  - ACS URL: Enter the value of the AssertionConsumerService Location attribute from the SOTI Identity metadata file.
  - Entity ID: Enter the value of the EntityDescriptor entityID attribute from the SOTI Identity metadata file.
  - Signed Response: Select the Signed Response check box. This setting ensures that the entire response is signed, not just the assertion.
- Set up attribute mappings for your IdP users and groups. Click Add new mapping and recreate the table below.
  FirstName | Basic Information | First Name
  LastName | Basic Information | Last Name
  Email | Basic Information | Primary Email
  Groups | User member info | UserGroups
  Note: Groups is a custom attribute. Only set up this mapping if you created a custom attribute for group membership information.
- Click Finish then OK.
Import Google Workspace metadata into SOTI Identity
- Return to the SOTI Identity console and the Configure IdP dialog box.
- Give the Google Workspace connection a name.
- Beside IdP Metadata file click Import and browse to the SAML metadata file you downloaded from Google Workspace previously.
  The file will populate the IdP Entity ID, SSO URL, and Certificates fields.
- Click Create to save the new Google Workspace IdP connection.
Add Google Workspace User Groups to SOTI Identity
Note: You can only add user groups and not individual users in SAML Based IdP connections.
- In the SOTI Identity Admin Console, open the main menu and select Users.
- Select in the upper right corner of the console.
- In the Add IDP User Group window, select External IDP Group.
- Type a name for the new IDP group.
- Optional: Make all users in the group SOTI Identity account administrators. Leave unselected if the users only need access to other SOTI ONE applications.
  Note: Account administrators can manage and modify all settings in your SOTI Identity console and account, so you should be careful who you make an account administrator.
- Select Add to add the IdP group to SOTI Identity.
Results
You've connected your Google Workspace connection to SOTI Identity. Users in the groups you just added will receive an email that notifies them that they've been enrolled in SOTI Identity. However, they won't have access to any applications until you assign one.
What to do next
Assign applications to Google Workspace user groups.