Google Apps provides a set of services that companies sometimes use for
their day-to-day activities, allowing their employees to offload mail,
calendar, document storage... to the Google cloud.

When a company purchases Google Apps for its employees, it needs to create
user accounts in Google and provide the employees with their account
information:
- Username and password to access Google Apps
- How to set/reset their password in Google Apps (initially, or if the password needs to be reset periodically)

Every time the user needs to access Google Apps, an authentication operation
takes place in which the user enters the Google Apps credentials,
which are different from the user's on-premise company credentials.

Google Apps supports the SAML 2.0 SSO protocol as a Service Provider (SP), so
the Google Apps service for the company can be integrated with the
on-premise Federation SSO Identity Provider (IdP) server in order to:
- Provide true SSO capabilities for the user: the user authentication state is propagated from the on-premise security domain to Google Apps
- Not force the user to manage and remember a different set of credentials
- Allow the on-premise administrator to control password policies locally and more efficiently

In this article, I will describe step by step how to integrate Google Apps
as an SP with OIF as an IdP via the SAML 2.0 SSO protocol.

Note: enabling Federation SSO for a domain will also affect the
administrators for that domain, who will need to authenticate via
Federation SSO thereafter.

Enjoy the reading!