By Damien Carru on Aug 01, 2014
Google Apps provides a set of services that companies sometimes use for their day-to-day activities, allowing their employees to offload mail, calendar, document storage and so on to the Google cloud.
When a company purchases Google Apps for its employees, it needs to create user accounts in Google and provide the employees with their account information:
- Username and password to access Google Apps
- How to set/reset their password in Google Apps (initially, or if the password needs to be reset periodically)
Every time the user needs to access Google Apps, an authentication operation takes place in which the user enters the Google Apps credentials, which are different from the user's on-premise company credentials.
Google Apps supports the SAML 2.0 SSO protocol as a Service Provider, where the Google Apps service for the company can be integrated with the on-premise Federation SSO IdP server in order to:
- Provide true SSO capabilities for the user: the user authentication state is propagated from the on-premise security domain to Google Apps
- Not force the user to manage and remember a different set of credentials
- Allow the on-premise administrator to control password policies locally and more efficiently.
In this article, I will describe step by step how to integrate Google Apps as an SP with OIF as an IdP via the SAML 2.0 SSO protocol.
Important note: enabling Federation SSO for a domain will also affect the administrators for that domain, who will need to authenticate via Federation SSO thereafter.
Enjoy the reading!