G Suite as IDP – Cloud SAML

Part 2: Setup miniOrange with G Suite

Step 1. Setup G Suite as IDP

Follow the following steps to set up Google Apps / G Suite as an Identity Provider

  Login as Administrator


• Go to https://admin.google.com and login with your G Suite administrator account.
• Go to Apps from the left menu and click SAML Apps.
  
  
  Add a SAML app


• Click on the “+” button at the bottom right corner to create a new SAML app.
• Select button SETUP MY OWN CUSTOM APP
  
  
  IDP Information


• Copy G Suite details from Option 1 of Step 2 and download the Certificate to configure the add-on manually.
• OR You can also download the IDP metadata from Option 2 of Step 2, and then click Next.
• Fill up the Basic Information for custom App such as Application Name( Eg. SAML App) and Description as per your choice.
• Click Next.
  
  
  Service Provider Details



• Enter details from the SP Info tab in the add-on as given below.
  
  

Information to be entered in G Suite	Information to copy from the add-on in SP Info tab
ACS URL	ACS URL
Entity ID	SP Entity ID/ Issuer
Signed Response	✓
Name ID Format	EMAIL

• Click Next.
  Attribute Mapping


• Click on Add New Mapping
• Add mapping for first name and last name
• Click on Finish
  
  
  Turn on


• By Default SAML Apps are turned off for everyone.
• Select Edit Service option.

• Change the setting to select ON for everyone to activate SSO.
• Note: All the users will be asked to SSO to access G Suite Apps and they will not be able to login normally using a username and password.

Step 2. Setup miniOrange as Service Provider

• Go to miniOrange Admin Console.
• From the left navigation bar select Identity Provider. Then click on Add Identity Provider

• Select SAML tab.

You can get the metadata details of miniOrange app either by clicking on the link shown by "Click here" in the yellow block, Or you can also get the details after creating the app. Keep these details handy as we will need these in configuring Salesforce.
• Click on Show Metadata details under For SP - INITIATED SSO. You can either manually enter details or use Metadata URL or File

• Now to create SAML app for Salesforce, go to the Add Identity Provider page and click on Import IDP Metadata. Import the metadata file that you will get from the SAML Login Information section of Salesforce.

• If you don't have a metadata file, you can also provide the details manually. You need to configure following endpoints:

IDP Entity ID	Entity ID of IDP
Single Login URL	Login Url from IDP
Single Logout URL	Logout Url from IDP
X.509 Certificate	The public key certificate of your IDP.

• Few other optional features that can be added to the Identity Provider(IDP) are listed in the table below:

Domain Mapping	Can be used to redirect specific domain user to specific IDP
Show IdP to Users	Enable this if you want to show this IDP to all users during Login
Send Configured Attributes	Enabling this would allow you to add attributes to be sent from IDP

• Click on Save.

Step 3. Test connection between miniOrange and Google Apps/G-Suite

• Go to the miniOrange Admin Dashboard.
• Go to Identity Providers tab. Then click on select button under the app you just created. Then click on Test Connection.
• A new popup login window will open. Enter your credentials and login.

• Now you will see TEST SUCCESSFUL in a new popup window. If not, then check if you have missed any of the above step.