This document provides instructions for setting up UPSSO as a third-party IdP for the GSuite application using the SAML protocol.

PREREQUISITES

  1. Administrator access to the UPSSO portal.

  2. Administrator access to the GSUITE application.

CONFIGURING GSUITE IN UPSSO

  1. Log in to the UPSSO portal as an administrator.

  2. Click on the “Application Management” menu, then click the new record button and select SAML application.

  3. Click on the “GSuite” icon and add this application.

  4. Enter the GSuite domain name and click on the “SAVE” button.

DOWNLOADING UPSSO (IDP) CERTIFICATE

  1. Log in to the UPSSO portal as an administrator.

  2. Click on the “IDP Resources” => “IDP Resources” from the left side menu.

  3. Click on the “DOWNLOAD IDP CERTIFICATE” button.

  4. A certificate file “server.crt” will be downloaded. Keep this file; it is imported into GSuite in the next section.

CONFIGURING UPSSO IN GSUITE

  1. Log in to https://admin.google.com/

  2. Click on “Security” from the menu.

  3. Click on the “Set up single sign-on (SSO) with a third party IdP” option.

  4. Select the checkbox “Set up SSO with third-party identity provider”.

  5. Enter “Sign-in page URL” as “https://<UPSSO_SERVER_HOST>/upsso/upsso-service”.

  6. Enter “Sign-out page URL” as “https://<UPSSO_SERVER_HOST>/upsso/logout”.

  7. Upload the verification certificate (the server.crt file downloaded in the section above).

  8. Select the checkbox “Use a domain-specific issuer”.

  9. Click on the “SAVE” button.

TESTING THE INTEGRATION

  1. Log in to the UPSSO portal as a user (the mail ID of this user must exist in GSuite).

  2. Click on “Application” from the left side menu.

  3. Click on the “GSUITE” icon.

  4. Enter the OTP.

  5. The user will be logged in to the GSUITE application.
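
If a login started from the Google side fails, decoding the SAMLRequest that arrives at the sign-in page URL shows whether the saved settings took effect. The script below is an added example, not part of UPSSO or GSuite: it assumes the HTTP-Redirect binding (raw DEFLATE plus base64) and Google's domain-specific issuer form google.com/a/<domain>; the host sso.example.test, the domain example.test and the sample requests are constructed.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_redirect_request(url):
    """Return (scheme, host, path, AuthnRequest element) from a redirect URL."""
    parts = urlsplit(url)
    raw = parse_qs(parts.query)["SAMLRequest"][0]
    xml = zlib.decompress(base64.b64decode(raw), -15)  # raw DEFLATE, no zlib header
    return parts.scheme, parts.hostname, parts.path, ET.fromstring(xml)

def check_request(url, upsso_host, gsuite_domain):
    """Return a list of mismatches between the request and the saved settings."""
    problems = []
    scheme, host, path, req = decode_redirect_request(url)
    if scheme != "https" or host != upsso_host or path != "/upsso/upsso-service":
        problems.append("redirect does not target the configured sign-in page URL")
    if req.tag != f"{{{SAMLP}}}AuthnRequest":
        problems.append("payload is not a SAML 2.0 AuthnRequest")
    issuer = (req.findtext(f"{{{SAML}}}Issuer") or "").strip()
    if issuer != f"google.com/a/{gsuite_domain}":
        problems.append(f"issuer {issuer!r} is not domain-specific for {gsuite_domain}")
    return problems

def build_sample(host, issuer):
    """Constructed test input: a minimal AuthnRequest, deflated and base64-encoded."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)
    data = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(data).decode()})
    return f"https://{host}/upsso/upsso-service?{query}"

if __name__ == "__main__":
    good = build_sample("sso.example.test", "google.com/a/example.test")
    bad = build_sample("sso.example.test", "google.com")  # checkbox in step 8 not set
    print(check_request(good, "sso.example.test", "example.test"))
    print(check_request(bad, "sso.example.test", "example.test"))
```

To check a real request, pass the full redirect URL copied from the browser's address bar or the UPSSO access log to check_request in place of the constructed samples.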