Hello there!

Need Help? We are right here!
support
miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Google Apps Security
miniOrange provides a ready to use solution for Google Apps. This solution ensures that you are ready to roll out secure access to Google Apps to your employees within minutes.
Free Trial

Note : The information contained on this page does not create a joint venture, partnership, agency or other form of association, or an express or implied license grant by either party to the other under any patent, trademark, copyright, trade secret or other intellectual property right.


Google Logo

Google Apps Security


miniOrange provides secure access to Google Apps for enterprises and full control over access of Google Apps application, Single Sign On (SSO) into your Google Apps Account with one set of login credentials. miniOrange prevents frauds with its dynamic risk engine in conjunction with enterprise specific security policy. We support a combination of the Device Id, Location and Time of access as multi-factor authentication that can detect and block fraud in real-time, without any interaction with the user. Now you can restrict use of Google Apps only within intranet and block user access from outside network.

Contents


Follow the Step-by-Step Guide given below for Restrict Google Apps Access.


Step 1: Configure Single Sign On (SSO) Settings for Google Apps

Step 2: Steps to restrict access of Google Apps outside office premises (IP Based restriction)

Step 3: Setup Single Sign On for your domain in Google Apps

Step 4: Now sign in to your Google Apps account with miniOrange IdP by either of the two steps:

    1. Using SP initiated login :-

    1. Go to http://mail.[domain_name], enter your Email Address and click on Login. Now you will be redirected to miniOrange IdP Sign On Page.
      2. miniOrange Login Page

    2. Enter your miniOrange login credential and click on Login. You will be automatically logged in to your Google Apps account.

    2. Using IdP initiated login :-

    1. Login to your miniOrange Self Service Console as an End User and click on the Google Apps icon on your Dashboard.
      2. miniOrange Self Service Console

OR


Follow the Step-by-Step Guide given below to configure Google Apps as IdP to Single Sign On to WordPress.

STEP 1: Configure Wordpress site as SAML Service Provider in Google Apps

  • Go to https://admin.google.com and login to your Google Apps Administrator account.
  • On the Admin Home, select More Controls > Apps.
    • Google Apps Security Google Admin Home

  • In the App Settings, select SAML apps.
  • Click on the "+" button at the bottom right corner to create a new SAML app.
  • Now select SETUP MY OWN CUSTOM APP from the popup.
    • Google Apps Security SAML Apps Setup My own App

  • On the next screen, note down the SSO URL, Entity ID URLs and download the certificate. These will be required while configuring the Plugin.
  • Once you have noted down the URLs and downloaded the certificate, click on Next.
  • Enter the Application Name and Description. Click on Next.
  • Configure the following things on the next screen:
    • ACS URL ACS (AssertionConsumerService) URL from Step1 of the plugin under How to Setup SP in Google Apps Tab.
    Entity ID SP-EntityID / Issuer from Step1 of the plugin under How to Setup SP in Google Apps Tab.
    Signed Response Checked
    Name ID Select Basic Information from the first dropdown. Then Primary Email from the second dropdown.
    Google Apps Security Configure Custom SAML App

  • Click on Next. Then click on Finish.
  • Now go to SAML Apps again. Click on the menu link corresponding to your app (See the screenshot). Then select ON for everyone.

    Google Apps Security Enable SSO for everyone

  • From the popup, Click on TURN ON FOR EVERYONE.

STEP 2: Configuring Google Apps as Identity Provider in Wordpress Login with Google Apps plugin

  • In miniOrange Login with Google Apps plugin, go to IDP Setup tab and enter the following details:
    • Identity provider Name: GoogleApps
    SAML Login URL The SSO URL that you noted down while configuring the Wordpress site in Google Apps.
    IdP Entity ID or Issuer The Entity ID that you noted down while configuring the Wordpress site in Google Apps.
    X.509 Certificate Open the downloaded certificate in the Notepad. Copy paste the entire content of the file here.
    Response Signed Checked
    Assertion Signed UnChecked
  • Click Save to configure the plugin and test the configuration by clicking on Test Configuration.

Follow the Step-by-Step Guide given below to configure Google Apps as IdP to Single Sign On to Canvas using miniOrange broker service.


STEP 1: Identify your primary Identity source and configure it in miniOrange.

  • Configure Google Apps to register the miniOrange broker service.
  • Enter following details for Service Provider details in Google Apps configuration:
    • ACS Url https://login.xecurify.com/moas/broker/login/saml/acs/<YOUR_CUSTOMER_KEY>
    SP Entity ID https://login.xecurify.com/moas/
  • Now login to your miniOrange Admin Console.
  • Go to Identity Providers from side menu.
  • Click on Add Identity Provider button in top right corner of the screen.
  • Add your Identity Source here entering all the required fields that you noted down while configuring Google Apps and click on SAVE button.

    • Google Apps Security Add SAML Identity Provider

Step 2: Configure Single Sign On (SSO) Settings for Canvas LMS

  1. Login to miniOrange miniOrange Admin Console.
  2. Go to Apps >> Manage Apps
  3. Click Add Application button in top right corner of the screen. Click on SAML tab and select Canvas app.
    4. Configure Canvas App

  4. Make sure the SP Entity ID or Issuer is in the format: https://your_domain.acme.instructure.com/saml2
  5. Make sure the ACS URL is in the format: https://your_domain.acme.instructure.com/saml
  6. In the Attributes section, enter the value NameID in the Attribute Name field, select E-Mail Address from the Attribute Value list and click on Save button.
  7. Go to Apps -> Manage Apps and click on Select button to configure Canvas app.
  8. Click on Metadata from Select dropdown, then select Show Metadata Details and click on Download Certificate button to download the certificate which will be required later.
    9. Get Canvas Metadata

Step 3: Configure Single Sign On (SSO) SAML Settings in Canvas LMS

  1. Login to your Canvas LMS domain as an Account Administrator.
  2. Switch to Admin View from bottom-right of the screen .
  3. Go to Admin and click on your domain name.
    4. Canvas Select Domain from side panel

  4. Click on Authentication in the left pane and select SAML from the Choose an authentication service drop down list.
    5. Canvas configure Authentication

  5. Enter the following details:
    6. IdP Entity IDhttps://login.xecurify.com/moas
    Log On URLhttps://login.xecurify.com/moas/broker/login/saml/acs/<YOUR_CUSTOMER_KEY>
    Certificate FingerprintFollow the steps below to copy the Thumbprint of certificate.
    Login AttributeNameID
    Identifier Formaturn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Authentication Contexturn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  6. Open the certificate that was downloaded earlier.
  7. Go to Details.
  8. In the Field column, select Thumbprint.
  9. Copy the Thumbprint that opens in the pane by pressing CTRL+C (Right-Click wont work!).
  10. Paste the Thumbprint in the Certificate Fingerprint.
  11. Make sure that there are no spaces in between the Certificate Fingerprint. Remove them manually.
  12. Click the Save to save the Single Sign On (SSO) SAML settings.
  13. Use https://your_domain.acme.instructure.com/login/saml to test the configuration.

Access Restriction to Google apps using miniOrange cloud based solution

Challenge

A new work law in some countries impose restrictions on the working hours of an employee. If a worker receives such an e-mail and has to act on it, he or she qualifies for overtime pay. In such scenario, companies can restrict access by turning off email servers physically and stop the flow of incoming messages, which is indeed not a good solution. Companies need to refrain group of employees from checking inbox after office hours.

Solution

miniOrange Google apps security along with fraud prevention dynamically analyses users request and applies time based restrictions policies to application (Google apps) access, which minimizes the risk of access after office hours. Also if user is already logged in into Google apps, miniOrange automatically logs out all the users after office hours which is configured by administrator.

Time based restriction:

Time based restrictions can be set up by configuring a policy so that employees won’t access any email after office hours. A time slot can be set up in time restriction field in which cloud application can be accessed. A report stating access deniel is received if employee tries to access the application outside the declared time slot. Time based restrictions can be set up by configuring Risk Based Access / Adaptive Authentication policy. Forced logout option has to be set up necessarily in order to set time restriction.

"Time Restrictions highly matter when business remuneration outflow is governed by employee working hours"

Clock On World

The restrictions which can be set by setting up policy during configuration of Google apps single sign-on are discussed below.

IP based restriction:

Google apps is set up for Single Sign On and access of Google apps outside office premise can be restricted by using IP based restriction. IP restriction restricts access within a network which minimizes the risk of unauthorized access. Access can be kept open for some users from outside network by creating different group for them.

Device based restriction:

Device restriction policy sets limit on number of devices from which user can access the account. This ensures that user can login only from his or her device and no one else can login to users account even if he or she knows the credentials.

Location based restriction:

With location based restriction user can setup policy to configure list of allowed locations and blocked locations. This will be needed in a case where you want to restrict your application access to specific locations and removing risk of attacks by blocking all other locations.


For further details refer :
https://developers.google.com/google-apps/sso/saml_reference_implementation
https://support.google.com/a/answer/60224?hl=en


Why Our Customers choose miniOrange Secure Identity Solutions ?


24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Try Now

Affordable Pricing

miniorange provides most affordable Secure Identity Solutions for all type of use cases and offers different packages based on customer's requirement.

Request A Quote


We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -

   +1 978 658 9387 (US)   ,   +91 77966 99612 (India)    |       info@xecurify.com