Google Workspace - SSO Configuration

Google Workspace - SSO Configuration

Idea
This documentation has been tested and approved by Kelvin Zero's team
Quote
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Google Workspace and its suite using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
Warning
To set up Multi-Pass with Google Workspace, ensure you meet the following requirements:
- Cloud Identity account with super-admin privileges
- Admin rights
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.

Configuring Google Workspace


  1. Access the Dashboard using this link: https://dashboard.kzero.com/.
  2. Authenticate, then click on your deployment and select “Admin Console.”
  3. Retrieve the x509 certificate by opening MPAS: 
    -On your deployment page, click “Admin Console.”
    -In the left menu, click “Realm Settings.”
  1. Click on the “Keys” section.
  2. In the RS256 row, click on “Certificate.”

  1. A pop-up will appear. Copy all the text and paste it into Notepad.
  2. Save the file as x509_certificate.txt.
Do not forget to add at the beginning of the text -----BEGIN CERTIFICATE----- and at the end -----END CERTIFICATE----- // Do not add space or press enter
  1. Go to Google and open your Admin Console.
  2. On the left side menu, click “Security”, then “Authentication”, and finally “SSO with third-party IdP.”

  1. Click “Third-party SSO profiles”, then select “Add SAML profile.”
  2. Complete the form with the following information and click “Save.”
    1. Name = Choose the name (Example: Multi-pass)
    2. IDP entity ID = https://ca.auth.kzero.com/realms/<REALM NAME>
    3. Sign-in page URL = https://ca.auth.kzero.com/realms/<REALM NAME>/protocol/saml
    4. Sign-out page URL = https://ca.auth.kzero.com/realms/<REALM NAME>/protocol/openid-connect/logout
    5. Change password URL = https://ca.auth.kzero.com/realms/<REALM NAME>/account
    6. Upload certificate = .TXT file you created based on the certificate you can find on MPAS

  1. Go back to MPAS.
  2. Click on “Client”, then select “Create Client.”

  1. Complete the required fields and click “Next.”
    1. Client type = SAML
    2. Client ID = Entity ID from Google (https://accounts.google.com/samlrp/01t0za600nccrgg)
    3. Name = For example (googleworkspace)
    4. Description = For example (SSO integration)
    5. Always display in UI = ON

  1. Complete all required fields and click “Save.”

  1. Go to the “Keys” section and turn off both items.

  1. Go to the “Advanced” section and paste the redirect URL provided by Google into both the “Assertion Consumer Service POST Binding URL” and “Logout Service POST Binding URL.

Notes
Once Google Worskpace is integrated with MPAS, make sure you assign the SSO setting to the required Groups and/or Users in your Google Workspace Admin Console

    • Related Articles

    • Datadog - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Datadog using MPAS. SSO simplifies user authentication by allowing access to multiple ...

    • Trend Micro - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Trend Micro using MPAS. SSO simplifies user authentication by allowing access to multiple ...

    • Zendesk - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Zendesk using MPAS. SSO simplifies user authentication by allowing access to multiple ...

    • BambooHR - SSO Configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Bamboo HR using MPAS. SSO simplifies user authentication by allowing access to multiple ...

    • FortiAuthenticator - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for FortiAuthenticator using MPAS. SSO simplifies user authentication by allowing access to ...