Google Workspace SAML Integration
This document explains how to integrate MonoSign with Google Workspace for Single Sign-On. Before you continue, we recommend starting with Google Workspace’s Single Sign-On implementation page.
Creating Google Workspace Application on MonoSign
Navigate to the Applications page by clicking the Applications button on the navigation bar. To create a new application, click the “Add New” button, which takes you to the Application Create page.
First, set the Application Name, Application URL and Application Logo on the Application Create page. The Application URL must be the one that “Google Workspace” gives us while configuring the SAML authentication method.
Please go to the MonoSign Management “Application Create” page, fill in the inputs as shown and click the “Finish” button.
Fields | Description |
---|---|
Name | Application name that will be displayed on the Applications page |
URL | Application URL copied from the “Google Workspace” application SSO SAML authentication configuration document |
Logo | Application logo that will be displayed on the Applications page |
Profile Access Type | User profile information that the “Google Workspace” application needs to have mapped |
Once the application is created successfully, the system will navigate you to the Application Detail page.
Click the “Keys” tab on the Application Detail page and then click the “Add New Access Key” button to add a SAML access key to the “Google Workspace” application.
A modal will open when the button is clicked. The SAML2 Settings tab will appear when you select the “SAML” key type in the modal.
We will configure “SAML2 Settings” after the key is generated on MonoSign. To generate the “SAML2 Application Access Key”, please click the “Save” button.
The SAML application key will be generated as shown.
Once a Google Workspace Admin user has been created for your organization, first verify your domain with a TXT record.
Please follow the instructions to verify your organization domain.
Once your organization domain has been verified by Google DNS servers, you can start configuring SAML on both applications.
To configure the SAML authentication method on Google Workspace and MonoSign, the admin user first needs to navigate to the Google Workspace Admin Panel by following the instructions on the Google Workspace SAML SSO configuration instructions page as shown.
The admin user will be redirected to the Google Workspace Admin Panel for the organization.
Navigate to Security → Authentication → SSO with third-party IdP page as shown.
You will see the SSO configuration page for third-party IdPs. Now you will configure the settings for MonoSign IdP.
First, you need to add a SAML Profile for MonoSign by clicking the “Add SAML Profile” button.
Once the button is clicked, the “Add a new SAML SSO Profile” page will be shown.
On the page, you will see the inputs for the SAML SSO configuration. Please fill in the inputs with the information from MonoSign as shown.
The Certificate input corresponds to the X.509 format of the certificate issued for your SAML key on MonoSign.
Once the configuration is completed correctly, please click the “Save” button to save the MonoSign SAML SSO profile.
If your organization wants all users who use SSO to use one IdP, please click the “pen” button to open the “Third-party SSO profile for your organization” page.
Please use the option and configure the “Third-party SSO profile for your organization” as shown.
Once the inputs are filled in correctly and the configuration is completed, please click the “Save” button and navigate to the SSO with third-party IDPs page.
The next step is “Manage SSO Profile Assignment”.
On the SSO with third-party IDPs page, you will see the “Manage SSO profile assignments” section, where you can view and manage assignments for organizational units or groups. Please click the “Manage” button as shown.
On the page, please click the “Another SSO Profile” button and choose the MonoSign-SAML profile that we created in the previous step. When all the other configurations are completed as shown, please click the “Save” button.
We are almost done on the Google Workspace configuration side. Let’s move to the last section.
The last section is the “Manage domain-specific service URLS” section. In this section, you can control what happens when users sign in using service URLs. Please click the “pen” button to open the “Manage domain-specific service URLS” page.
On the page, please click the “Automatically redirect users to the third-party IdP in the following SSO profile” button and choose the MonoSign SSO profile. When the configuration is completed as shown, please click the “Save” button.
The configuration is now complete on the Google Workspace “SSO with third-party IDPs” configuration page.
You need some information from the Google Workspace MonoSign SAML Profile to configure the SAML2 Settings on the MonoSign Access Key Configuration modal.
To get this information from Google Workspace, please click the “MonoSign” SAML Profile as shown.
Please copy Entity ID and ACS URL to complete the configuration on MonoSign SAML Settings modal.
Please fill in the inputs with the information copied from Google Workspace as shown.
It is very important to fill in the inputs correctly; otherwise, SAML authentication will not be performed.
SAML2 Settings | Value |
---|---|
Assertion Consumer Url | |
Entity Id | https://accounts.google.com/samlrp/metadata?rpid=01lg1utu3wzspa8 |
NameId Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
Name Id | |
When all the inputs are filled, please click the “Save” button.
Configurations are completed on MonoSign Google Workspace Application Key page and Google Workspace SSO with third-party IdP page.
Now you can test if SSO SAML Login works with MonoSign.
Please create a user named “gsuiteuser” on MonoSign and Google Workspace with the same mail address. Assign the user to the “Google Workspace” application created on MonoSign.
Please open the “https://accounts.google.com/” address in your browser and type the user's email address as shown.
When the “Next” button is clicked, you will be navigated to the MonoSign login page.
Now you can log in with your MonoSign username and password. You will be navigated to your Google Workspace account as shown.
If you are logged in to your Google Workspace account through MonoSign, the integration has been set up correctly.
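If the test login fails, the usual cause is a mismatch between the SAML2 Settings table above and what the IdP actually sends. The following is an added example, not MonoSign or Google code: the hypothetical helper `check_response` compares a decoded SAML Response with the Entity Id, Assertion Consumer Url and NameId Format settings. The ACS URL and the user's mail address are constructed placeholders, and the check covers setting consistency only, not signature validation.

```python
import re
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ENTITY_ID = "https://accounts.google.com/samlrp/metadata?rpid=01lg1utu3wzspa8"  # from the table
ACS_URL = "https://acs.example.invalid/placeholder"  # placeholder, not Google's real ACS URL

def check_response(xml_text, entity_id, acs_url):
    """Hypothetical helper: list mismatches between a decoded SAML Response and the SP settings."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match Assertion Consumer Url")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion element found"]
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("Subject has no NameID")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is not emailAddress")
        if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", (name_id.text or "").strip()):
            problems.append("NameID value is not an email address")
    recipients = [d.get("Recipient") for d in assertion.iterfind(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match Assertion Consumer Url")
    audiences = [(a.text or "").strip() for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match Entity Id")
    return problems

# Constructed sample response (unsigned, for illustration only).
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">gsuiteuser@example.invalid</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData Recipient="{ACS_URL}"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
```

The browser posts the response as a base64-encoded `SAMLResponse` form field, so decode it before passing it to the helper. An empty list means the three settings agree with the response.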