Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Google Suite SSO Integration with Idaptive

This procedure describes how to integrate Single Sign-On (SSO) with Idaptive IdP.

Prerequisites

Make sure you have the following items before integrating SSO with Idaptive IdP:

Configure the Direct SSO Integration 

Perform the following activities to achieve the SSO Integration directly without a proxy:

Step 1: Configure Idaptive in the IdP Portal

  1. Login to the Idaptive admin portal to configure IdP.
  2. Go to Apps > Web Apps and click Add Web Apps.
    clipboard_e53b565db9a69f8394a63e0d615decf74.png
  3. Search for G Suite to find the required web application results.
  4. To add G Suite SAML + Provisioning, click Add.
    clipboard_e2f7f18785753e96a22ec1a47427cc425.png
  5. You are redirected to the G Suite Application Configuration page. To add G Suite domain, click Settings and configure:
    • Description: Enter the description of the G Suite domain.
      clipboard_ee88070194b1cb8de0fd148c8905f35e8.png
    • Name: Enter the name of the G Suite domain.
  6. Click Save.

Configure the Identity Provider

  1. Navigate to Trust > Identity Provider Configuration and click Manual Configuration.
    clipboard_e17604372fe45c7d7d41ef552600d7602.png
    • To download the IdP Certificate, open the Signing Certificate and click DOWNLOAD CERTIFICATE.
    • To copy the Sign-in page URL and Sign-out page URL, click Copy.
    • You can save the URL and use it in G Suite SSO Configuration.
  2. Login to the G Suite admin portal to access SP Entity ID and ACS URL (listed as SSO URL).
  3. Choose Security > Set up single sign-on (SSO) to go to the SSO page and save the SSO URL.
    clipboard_e3ba402299128a353f2ba377146a1314b.png
  4. To download the SP Certificate, click DOWNLOAD CERTIFICATE.

Configure the Service Provider

  1. Go to Trust > Service Provider Configuration and click Manual Configuration. 
    clipboard_ed31109e1299734bbb05597a369dccebc.png
    • Enter the valid details in SP Entity ID and ACS URL.
    • Select Sign Response or Assertion? as Response.
    • Select NameID Format as emailAddress.
    • To save the Trust Configuration, click Save.
  2. To add users in the G Suite domain list, click Permissions > Add.
    NOTE: Before configuring IdP, you should create a user (same as G Suite user) in the Idaptive portal.
    clipboard_e264b76c1bf8f8ce53f950285a8b99ecb.png
  3. Click Linked Applications to configure the G Drive domain.
  4. To add the G Drive domain along with the description, click Add.
    clipboard_e5f622d8ae8db858770e9d2f59b11d1e7.png
  5. Click Save.

Step 2: Configure SP in G Suite Portal

  1. Login to the G Suite admin portal to configure SP.
    clipboard_e920487d16aaf97c35b8b1c0b0c63d7af.png
  2. Choose Security > Set up single sign-on (SSO) to go to the SSO page. Configure the following:
    clipboard_eecbead84cc2ee2e626c97ec45dc5c5fc.png
    • To enable SSO with a third-party identity provider, activate the checkbox Setup SSO with third party identity provider.
    • Enter the Sign-in page URL and Sign-out page URL copied from the Identity Provider Configuration.
    • To verify the certificate, upload the IDP Certificate downloaded from the Identity Provider Configuration.

Step 3: Validate the SSO Direct Integration

  1. Log in to Idaptive using user credentials.
    clipboard_eea497f00529663f99db737c1b5b6307f.png
     
  2. Click G Suite listed on the homepage. You are redirected successfully to the G Drive application in a new tab.
    clipboard_eb10aa7f893b1068a48d48043429be639.png

When the users can access the contents in G Drive then the SSO direct configuration is successful with Idaptive (IDP).

Setup the SSO Integration via Proxy

Perform the following steps to achieve the SSO Integration via Proxy:

Step 1: Configure Proxy in Skyhigh CASB 

  1. Login to Skyhigh CASB to configure SAML setup for the existing G Drive managed service.
  2. To set up SAML, click managed G Drive instance and select Setup > Configure.
  3. Under Upload Identity Provider Certificate, upload the IDP Certificate and click Next.
  4. Under Provide Service Provider Certificate, upload the SP Certificate and click Next.
  5. Download Proxy Certificate and save it in your local folder.

Step 2: Configure Idaptive in the IdP Portal

  1. Log in to Idaptive using Administrator credentials.
  2. Navigate to the SSO configured G Suite.
  3. Go to SAML Response and scroll to Custom Logic.
    clipboard_ee87aec9caa383e1db868b914c10096ba.png
  4. Under Customer Logic, change the Audience and Service URL as listed:
  5. Click Save.

Step 3: Validate the SSO Via Proxy

  1. Log in to Idaptive using user credentials.
  2. Click G Suite listed on the homepage. You are redirected successfully to the G Drive application in a new tab. Check the address bar to confirm the access is via proxy.
    clipboard_e782bc0a940eba1905602903aa04c964f.png

The address bar concludes that the SSO configuration via proxy is successful for Google Drive with Idaptive.

  • Was this article helpful?