G Suite as IDP – Cloud SAML


Part 2: Set up miniOrange with G Suite


Step 1. Set up G Suite as IDP

      Follow the steps below to set up Google Apps / G Suite as an Identity Provider.

      Login as Administrator

        • Go to https://admin.google.com and login with your G Suite administrator account.
        • Go to Apps from the left menu and click SAML Apps.

      Add a SAML app

        • Click on the “+” button at the bottom right corner to create a new SAML app.
        • Click the SETUP MY OWN CUSTOM APP button.

      IDP Information

        • Copy the G Suite details from Option 1 of Step 2 and download the Certificate to configure the add-on manually.
        • Alternatively, download the IDP metadata from Option 2 of Step 2, and then click Next.
        • Fill in the Basic Information for the custom app, such as Application Name (e.g. SAML App) and Description, as per your choice.
        • Click Next.

      Service Provider Details

        • Enter details from the SP Info tab in the add-on as given below.

          Information to be entered in G Suite    Information to copy from the add-on in SP Info tab
          ACS URL                                 ACS URL
          Entity ID                               SP Entity ID/ Issuer
          Signed Response
          Name ID Format                          EMAIL
        • Click Next.
      Attribute Mapping

        • Click on Add New Mapping
        • Add mapping for first name and last name
        • Click on Finish

      Turn on

        • By default, SAML apps are turned off for everyone.
        • Select the Edit Service option.
        • Change the setting to ON for everyone to activate SSO.
        • Note: All users will be asked to sign in through SSO to access G Suite Apps, and they will not be able to log in normally using a username and password.



Step 2. Set up miniOrange as Service Provider

  • Go to miniOrange Admin Console.
  • From the left navigation bar, select Identity Provider. Then click on Add Identity Provider.
  • Select the SAML tab.
  • You can get the metadata details of the miniOrange app either by clicking on the link shown by "Click here" in the yellow block, or after creating the app. Keep these details handy, as we will need them when configuring Salesforce.
  • Click on Show Metadata details under For SP - INITIATED SSO. You can either enter the details manually or use the Metadata URL or File.
  • Now, to create the SAML app for Salesforce, go to the Add Identity Provider page and click on Import IDP Metadata. Import the metadata file that you will get from the SAML Login Information section of Salesforce.
  • If you don't have a metadata file, you can also provide the details manually. You need to configure the following endpoints:
    IDP Entity ID        Entity ID of IDP
    Single Login URL     Login URL from IDP
    Single Logout URL    Logout URL from IDP
    X.509 Certificate    The public key certificate of your IDP
  • A few other optional features that can be added to the Identity Provider (IDP) are listed in the table below:
    Domain Mapping                Can be used to redirect users of a specific domain to a specific IDP
    Show IdP to Users             Enable this if you want to show this IDP to all users during login
    Send Configured Attributes    Enabling this allows you to add attributes to be sent from the IDP
  • Click on Save.

Step 3. Test connection between miniOrange and Google Apps/G-Suite

  • Go to the miniOrange Admin Dashboard.
  • Go to the Identity Providers tab. Then click on the Select button under the app you just created, and click on Test Connection.
  • A new popup login window will open. Enter your credentials and log in.
  • Now you will see TEST SUCCESSFUL in a new popup window. If not, check whether you have missed any of the above steps.