- Log in to GSuite and go to Security > Setup Single Sign On.
- Check the Setup SSO with third party identity provider box and configure the settings. (In the screenshot above, <domain> is the IP address on which your M-Pin SSO is installed.) Settings:
  - Sign-in page URL – the SAML SSO Endpoint URL of your M-Pin SSO System (found under Global Settings > SSO information in the M-Pin SSO web console)
  - Sign-out page URL – the URL to redirect your users to when they log out of the application (can be set to any URL)
  - Change password URL – the URL of the page on which users can change their passwords for the application (can be set to any URL)
  - Verification certificate – the M-Pin SSO X.509 certificate (found under Global Settings > SSO information in the M-Pin SSO web console)
- Click the SAVE CHANGES link to apply your settings and finish the procedure.
In the M-Pin SSO web console:
- Under Integration, click on the + button next to GApps profiles.
The Add GApps profile page is displayed.
- Complete the required fields and save the profile. Settings:
  - Name (required) – name of the profile, e.g. Sample G Suite Profile
  - LDAP Profile – if you have LDAP profiles configured, they will be available in this drop-down
  - Recipient URL – IAM endpoint for the client app (if any)
  - Domain (required) – the domain on which your application resides, e.g. example.com
  - RelayState (conditional) – URL of the Google application you want to redirect the user to after successful SSO. The recommended value at the time of writing (late 2015) is https://gsuite.google.com, but it can be any other valid application URL, e.g. https://mail.google.com, https://drive.google.com.
After saving, the profile is displayed on the GApps profiles page.
From this point on, when your users visit the G Suite service and enter an email address belonging to the profile just set up, G Suite will detect that single sign-on is enabled and a password will no longer be necessary.
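
The values entered in the two consoles can be checked before saving. The script below is an added example, not part of M-Pin SSO or G Suite. The dictionary keys, the sample address and path, and the rules it enforces (HTTPS for the sign-in URL, a google.com host for RelayState, a fingerprint obtained out-of-band for the certificate) are assumptions made for this illustration.

```python
import base64
import hashlib
import ssl
from urllib.parse import urlsplit

def cert_fingerprint(pem):
    """Colon-separated SHA-256 fingerprint of a PEM-encoded certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())  # ValueError if not PEM
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_settings(s, expected_fp):
    """Return a list of problems found in the SSO settings (empty if none)."""
    problems = []
    signin = urlsplit(s["sign_in_url"])
    if signin.scheme != "https" or not signin.hostname:
        problems.append("Sign-in page URL must be an https:// URL")
    if s.get("relay_state"):  # RelayState is conditional, so it may be empty
        relay = urlsplit(s["relay_state"])
        host = relay.hostname or ""
        on_google = host == "google.com" or host.endswith(".google.com")
        if relay.scheme != "https" or not on_google:
            problems.append("RelayState must be an https:// URL on google.com")
    domain = s["domain"]
    if "/" in domain or ":" in domain or "." not in domain:
        problems.append("Domain must be a bare domain such as example.com")
    try:
        if cert_fingerprint(s["certificate_pem"]) != expected_fp:
            problems.append("Verification certificate fingerprint mismatch")
    except ValueError as exc:  # also covers base64 decoding errors
        problems.append(f"Verification certificate is not PEM: {exc}")
    return problems

# Constructed sample input: the body is not a real certificate, and the
# address and path in sign_in_url are placeholders.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed bytes, not a real certificate").decode()
              + "-----END CERTIFICATE-----\n")
GOOD_FP = cert_fingerprint(SAMPLE_PEM)
GOOD = {
    "sign_in_url": "https://192.0.2.10/sso-endpoint",
    "relay_state": "https://mail.google.com",
    "domain": "example.com",
    "certificate_pem": SAMPLE_PEM,
}

if __name__ == "__main__":
    for line in check_settings(GOOD, GOOD_FP) or ["settings look consistent"]:
        print(line)
```

In practice, `expected_fp` would be the fingerprint of the certificate as read from the M-Pin SSO web console, compared against the file uploaded as the verification certificate.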