G Suite as IDP – Cloud SAML
Part 2: Setup miniOrange with G Suite
Step 1. Setup G Suite as IDP
- Go to https://admin.google.com and login with your G Suite administrator account.
- Go to Apps from the left menu and click SAML Apps.
- Click on the “+” button at the bottom right corner to create a new SAML app.
- Select button SETUP MY OWN CUSTOM APP
- Copy G Suite details from Option 1 of Step 2 and download the Certificate to configure the add-on manually.
- OR You can also download the IDP metadata from Option 2 of Step 2, and then click Next.
- Fill up the Basic Information for custom App such as Application Name( Eg. SAML App) and Description as per your choice.
- Click Next.
- Enter details from the SP Info tab in the add-on as given below.
- Click Next.
- Click on Add New Mapping
- Add mapping for first name and last name
- Click on Finish
- By Default SAML Apps are turned off for everyone.
- Select Edit Service option.
- Change the setting to select ON for everyone to activate SSO.
- Note: All the users will be asked to SSO to access G Suite Apps and they will not be able to login normally using a username and password.
Follow the following steps to set up Google Apps / G Suite as an Identity Provider
Login as Administrator
Add a SAML app
IDP Information
Service Provider Details
| Information to be entered in G Suite | Information to copy from the add-on in SP Info tab |
| ACS URL | ACS URL |
| Entity ID | SP Entity ID/ Issuer |
| Signed Response | ✓ |
| Name ID Format |
Attribute Mapping
Turn on
- Go to miniOrange Admin Console.
- From the left navigation bar select Identity Provider. Then click on Add Identity Provider
- Select SAML tab.
- Click on Show Metadata details under For SP - INITIATED SSO. You can either manually enter details or use Metadata URL or File
- Now to create SAML app for Salesforce, go to the Add Identity Provider page and click on Import IDP Metadata. Import the metadata file that you will get from the SAML Login Information section of Salesforce.
- If you don't have a metadata file, you can also provide the details manually. You need to configure following endpoints:
- Few other optional features that can be added to the Identity Provider(IDP) are listed in the table below:
- Click on Save.
Step 2. Setup miniOrange as Service Provider
You can get the metadata details of miniOrange app either by clicking on the link
shown by "Click here" in the yellow block, Or you can also get the details after creating the
app. Keep these details handy as we will need these in configuring Salesforce.
| IDP Entity ID | Entity ID of IDP |
| Single Login URL | Login Url from IDP |
| Single Logout URL | Logout Url from IDP |
| X.509 Certificate | The public key certificate of your IDP. |
| Domain Mapping | Can be used to redirect specific domain user to specific IDP |
| Show IdP to Users | Enable this if you want to show this IDP to all users during Login |
| Send Configured Attributes | Enabling this would allow you to add attributes to be sent from IDP |
Step 3. Test connection between miniOrange and Google Apps/G-Suite
- Go to the miniOrange Admin Dashboard.
- Go to Identity Providers tab. Then click on select button under the app you just created. Then click on Test Connection.
- A new popup login window will open. Enter your credentials and login.
- Now you will see TEST SUCCESSFUL in a new popup window. If not, then check if you have missed any of the above step.
