G Suite

  1. Log in to GSuite and go to Security > Setup Single Sign On.
  2. Check the Setup SSO with third party identity provider box and configure the settings. (In the screenshot above, <domain> is the IP address on which your M-Pin SSO is installed.) Settings:
    • Sign-in page URL – the SAML SSO Endpoint URL of your M-Pin SSO System (found under Global Settings > SSO information in the M-Pin SSO web console)
    • Sign-out page URL – the URL to redirect your users to when they log out of the application (can be set to any URL)
    • Change password URL – the URL of the page on which users can change their passwords to the application (can be set to any URL)
    • Verification certificate – the M-Pin SSO X.509 certificate (found under Global Settings > SSO information in the M-Pin SSO web console)
  3. Click on SAVE CHANGES link to apply your settings and finish the procedure.

In the M-Pin SSO web console:

  1. Under Integration, click on the + button next to GApps profiles.
    The Add GApps profile page is displayed.
  2. Complete the required fields and save the profile. Settings:
    • Name: (required) – name of the profile, e.g. Sample G Suite Profile
    • LDAP Profile: ­– if you have LDAP profiles configured, they will be available in this drop-down
    • Recipient URL: ­– IAM end point for the client app (if any)
    • Domain: (required) – The domain on which your application resides, e.g. example.com.
    • RelayState (conditional) – URL of the Google application you want to redirect the user to after successful SSO. The recommended value at the time of writing (late 2015) is https://gsuite.google.com, but it can be any other valid application URL, e.g. https://mail.google.com, https://drive.google.com. After saving, the profile is displayed on the GApps profiles page. From this point on, when your users visit the G Suite service and enter an email address belonging to the profile just set up, G Suite will detect that single sign-on is enabled and a password will no longer be necessary.