The following article assists Identity Provider (IDP) Administrators with configuring single sign-on (SSO) for OneView with Google Workspace. OneView only supports the SAML 2.0 authentication protocol. For more information, see Configure single sign-on with OneView.
Add the application in Google Workspace
- In your Google Admin console, go to Menu, then Apps > Web and mobile apps.
- Click Add App > Add custom SAML app.
- Enter the app name and optionally upload an app icon.
- Click Continue.
Set up Google Workspace SAML settings
- In the OneView Single Sign-On page, copy the Assertion Consumer Service URL.
- Paste the copied URL into the ACS URL and Start URL fields in Google.
- In OneView, copy the Service Provider Entity ID URL.
- Paste the copied URL into the Entity ID field in Google.
- For extra security, enable or disable the Signed response checkbox:
  - Enabled: The entire SAML authentication response must be signed.
  - Disabled: Only the assertion within the response is signed.
- Set the Name ID format and value for your custom SAML app.
  - Name ID Format: Email
  - Name ID: Basic Information > Primary Email.
- Click Continue.
- Map the user attributes based on the service provider's requirements.
  - Google Directory attributes: Primary Email
  - App Attributes: user.mail
- Click Finish.
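The Signed response setting above determines where the XML signature sits in the response Google posts to the ACS URL. The following Python sketch is an added example, not OneView or Google code: it inspects a decoded response captured during a test sign-in and reports whether the response, the assertion, or neither carries a signature that references its own ID. The function names and the skeleton sample are constructed for illustration, and the code only locates signatures without verifying them cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def is_signed(elem):
    """True if elem has a direct-child ds:Signature that references elem's own ID."""
    sig = elem.find("ds:Signature", NS)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS) if sig is not None else None
    elem_id = elem.get("ID")
    return bool(elem_id) and ref is not None and ref.get("URI") == "#" + elem_id

def signature_placement(xml_text):
    """Locate signatures in a decoded SAML response (no cryptographic verification)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response_signed": is_signed(root),
        "assertions": len(assertions),
        "assertions_signed": sum(is_signed(a) for a in assertions),
    }

def matches_setting(xml_text, signed_response_enabled):
    """Compare placement with the Signed response checkbox as described above."""
    p = signature_placement(xml_text)
    if p["assertions"] != 1:
        return False  # assumption: one unencrypted assertion per response
    if signed_response_enabled:
        return p["response_signed"]
    return p["assertions_signed"] == 1 and not p["response_signed"]

def sample_response(sign_response, sign_assertion):
    """Constructed skeleton response with empty signatures, for demonstration only."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
           '<ds:Reference URI="#%s"/></ds:SignedInfo></ds:Signature>')
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">%s'
            '<saml:Assertion ID="_a1">%s</saml:Assertion></samlp:Response>'
            % (sig % "_r1" if sign_response else "", sig % "_a1" if sign_assertion else ""))

if __name__ == "__main__":
    print(signature_placement(sample_response(True, False)))
    print(matches_setting(sample_response(False, True), signed_response_enabled=False))
```

A signature whose Reference URI points at a different element's ID is counted as unsigned for that element, which is the mismatch worth investigating before enabling SSO for users.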
Link Google Workspace metadata with OneView
Use one of the following methods to connect the metadata with OneView:
Metadata URL
- Copy the OneLogin App Federation Metadata URL.
- In the OneView Single Sign-On page, paste the Metadata URL under Identity Provider (IDP) Metadata.
- Set Enable Single Sign-On (SSO) to ON.
- In the top right, click Save.
Metadata XML
- Download the Google Workspace Federation Metadata XML file.
- In the OneView Single Sign-On page, choose Metadata XML.
- Drag the .xml file or click Or Select A File to upload the IDP Metadata.
- Set Enable Single Sign-On (SSO) to ON.
- In the top right, click Save.
Enable SSO
- Once the metadata is uploaded, toggle on Enable SSO.
- Toggle on Just-In-Time (JIT) Provisioning to automatically create OneView users if they don't already exist when authenticating through Google Workspace.
- Toggle on Service Provider Initiated SSO.
- Now the application can be assigned to your OneView administrators in Google Workspace. For more information, see Turn on your SAML app.