Skip to main content

Configure OneView single-sign on with Google Workspace

Updated: 

The following article assists Identity Provider (IDP) Administrators with configuring single sign-on (SSO) for OneView with Google Workspace. OneView only supports the SAML 2.0 authentication protocol. For more information, see Configure single sign-on with OneView.

Add the application in Google Workspace

  1. In your Google Admin console, go to Menu, then Apps > Web and mobile apps.
  2. Click Add App > Add custom SAML app
  3. Enter the app name and optionally upload an app icon.
  4. Click Continue.

Setup Google Workspace SAML Settings

Google Workspace supports only one callback URL at a time, meaning that either Service Provider (SP) initiated or Identity Provider (IdP) initiated can be used, but not both simultaneously.

With SP initiated login, users enter their email address on the OneView login page and are then automatically redirected for authentication. In contrast, IdP initiated login allows users to click on their OneView tile within Google Workspace to access and log into OneView directly.

  1. In the OneView Single Sign-On page, copy the Assertion Consumer Service URL.
  2. Paste the copied URL into the ACS URL field in Google.
    • Note: To use SP initiated SSO, remove /acs from the URL. 
  3. In OneView, copy the Service Provider Entity ID URL.
  4. Paste the copied URL into the Entity ID field in Google.
  5. For extra security, enable or disable the Signed response checkbox:
    • Enabled: The entire SAML authentication response must be signed.
    • Disabled: Only the assertion within the response is signed.
  6. Set the Name ID format and value for your custom SAML app.
    • Name ID Format: Email
    • Name ID: Basic Information > Primary Email.
  7. Click Continue.
  8. Map the user attributes based on the service provider's requirements.
    • Google Directory attributes: Primary Email
    • App Attributes: user.mail
  9. Click Finish.

Link Google Workspace metadata with OneView

Use one of the following methods to connect the metadata with OneView

Metadata URL

  1. Copy the OneLogin App Federation Metadata Url.
  2. In the OneView Single Sign-On page, paste the Metadata URL under Identity Provider (IDP) Metadata.
  3. Set Enable Single Sign-On (SSO) to ON.
  4. In the top right, click Save.

Metadata XML

  1. Download the Google Workspace Federation Metadata XML file.
  2. In the OneView Single Sign-On page, choose Metadata XML.
  3. Drag the .xml file or click Or Select A File to upload the IDP Metadata.
  4. Set Enable Single Sign-On (SSO) to ON.
  5. In the top right, click Save.

Enable SSO

  1. Once the metadata is uploaded, toggle on Enable SSO.
  2. Toggle on Just-In-Time (JIT) Provisioning to automatically create OneView users if they don't already exist when authenticating through Google Workspace.
  3. To use SP Initiated SSO, toggle on Service Provider Initiated SSO. Remember to remove /acs from the ACS URL in Google.
  4. Now the application can be assigned to your OneView administrators in Google Workspace. For more information, see Turn on your SAML app

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more