G Suite IdP - Google SSO Cheat Sheet : Authentic8 Support

Prerequisites

• An existing G Suite instance with at least one user or user group established
• Silo Admin Console access, along with sufficient Silo Admin privileges for the org you wish to setup SSO with

A8 Admin Console

1. Define your vanity URL (e.g. mitchmurray)

Click Manage Users & Orgs then navigate to Edit Orgs > enter a Vanity URL value > Save

2. Enable SAML SSO via Policies > Access & Authentication > Single Sign-On

3. Download the SP Encryption Certificate (SP_cert.crt) from the Single Sign-On policy page to your local machine

Note: Do not hit Save, leave page open.

Google Admin Portal

1. Access the Google Admin Portal at admin.google.com
2. Click the APPS icon, then select SAML apps
3. Click the yellow [+] icon in the lower right corner
4. Select the blue SETUP MY OWN CUSTOM APP

5. Use Option 1 then copy and paste both SSO URL and Entity ID values to a local notepad application.

6. Download a copy of the Google Certificate, then click Next.

7. Name your Application (e.g. Authentic8), then click Next.

8. Copy the SP Post Back URL from the A8 Admin Console and paste it into the ACS URL field in the Google Admin portal.

Example: https://getsilo.com/sso/saml/mitchmurray/login -- make sure the URL doesn't end with a forward slash /

9. Copy the SP Identity ID value from the A8 Admin console and paste it to the Entity ID field in the Google Admin console.

NOTE: The Start URL field can be set to a value of 2 for Installed Client, or 4 for Web Client (a8silo.com)

10. Enable the Signed Response check box

11. Set the Name ID format to email, then click Next followed by Finish

Required: Assign Users

• From the G Suite Admin console

• Navigate to SAML Apps
• Select the Authentic8 SAML App you just created
• At the top right of the gray box, click Edit Service
• To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, then click Save

-- OR --

• To turn on or off a service only for users in an organizational unit:
• On the left, select the organizational unit
• Select On or Off

A8 Admin Console

Transfer the following information from the G Suite Admin Console to the A8 Admin Console

1. For IdP Issuer: Enter the Entity ID from G Suite
2. For IdP Login URL: Enter the SSO Logon URL from G Suite
3. IdP Signing Certificate: Upload the G Suite signing certificate

4. Click Save.

Make sure that you have the required Windows Registry values in place per our SAML SSO guideline:
https://support.authentic8.com/support/solutions/articles/16000035031-saml-sso-for-silo-access

Common Errors

PERMISSIONDENIED: FAILED TO PARSE SAML IDP TOKEN: 'NONETYPE' OBJECT HAS NO ATTRIBUTE 'ATTRIB'
• Ensure you have set your Signing Option to Sign SAML response

Failed to Parse SAML Token
• Ensure that the end-user exists in both Silo and G Suite with the same email address
• Ensure that the correct IdP Signing Certificate has been uploaded to Silo Admin Console

User Not Found
• The end-user may not be provisioned with a matching email address between Authentic8 and G Suite.

Important: Authentic8 makes no guarantee on third-party software integration. We assume no responsibility for errors or omissions pertaining to the third-party software or documentation available. The integration of a 3rd-party software is done solely at your own risk and discretion.

Authentic8 Support

How can we help you today?

G Suite IdP - Google SSO Cheat Sheet Print

How can we help you today?

G Suite IdP - Google SSO Cheat Sheet Print

Related Articles