The Google Identity Provider (IdP) is a trusted entity that allows you to enable single sign-on to access other sites or services, such as Azion. Your users can continue using their corporate user identities without having to remember a specific password or enter credentials each time they access Azion Console.
When using an IdP, you have two protocol possibilities: Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).
To set up a Google custom SAML app as your account IdP for Console, follow the next steps.
Configuring the SAML app on Google AdminSection titled Configuring the SAML app on Google Admin
Access Google Admin Console.
Go to the upper-left corner of the page, and in the dropdown menu, select Apps > Web and mobile apps.
Click Add App > Add custom SAML app.
On the App Details page:
- Type a name for the app you’re creating.
- Click Continue.
On the Google Identity Provider details page, copy the SSO URL and Entity ID and download the Certificate. You’ll need this information on Azion Console.
Configuring the Identity Provider on Azion ConsoleSection titled Configuring the Identity Provider on Azion Console
- Log in to Azion Console.
- On the upper-right corner of the page, select the avatar menu. This is the Account menu.
- Select SSO Management.
- Click the Add Identity Provider button and select SAML.
- On the Identity Provider page, choose a name that identifies your Identity Provider. Example:
- Fill in the following fields with the data copied from Google Admin:
- Identity provider’s Entity ID URI.
- Sign-in URL.
- Certificate. It must include the —-BEGIN CERTIFICATE—- and —-END CERTIFICATE—- parts.
- Click Save. You’ll be redirected to the list of identity providers, where you can view all the providers created in your account.
Completing the registration of the app on Google AdminSection titled Completing the registration of the app on Google Admin
On the SSO Management page of Azion Console:
- Find the box of your recently created identity provider.
- Click the context menu, represented by three dots > Edit.
On the Identity Provider page you’ll need to copy the following information to finish the configuration on Google Admin:
- Assertion Consumer Service URL.
- Service Provider’s Entity ID URI.
- Sign-in URL.
On Google Admin, access the Service Provider Details of the app you’ve created and provide the following information:
- In the ACS URL field, paste the Assertion Consumer Service URL you’ve copied from Console.
- In the Entity ID field, paste the Service Provider’s Entity ID URI you’ve copied from Console.
- In the Start URL field, paste the Sign-in URL you’ve copied from Console (optional field).
Check the Signed Response box.
In the Name ID format field, select the option UNSPECIFIED.
In the Name ID field, select the option Basic Information > Primary email.
On the Attribute mapping page, click Add Another Mapping.
In the Google Directory attributes field, select Basic Information > Primary email.
In the App Attributes field, set the string email.
Turning on the Google custom SAML appSection titled Turning on the Google custom SAML app
After setting the service provider details:
- Go back to Google Admin Console.
- Go to the upper-left corner of the page, and in the dropdown menu, select Apps > Web and mobile apps.
- Select the SAML app you’ve just created.
- Click User access and then click On for everyone to turn the service on for everyone in your organization. If you want to turn the app off, click Off for everyone.
- Click Save.
Turning on the Identity Provider on Azion ConsoleSection titled Turning on the Identity Provider on Azion Console
- Back on Console, access the SSO Management page.
- On the box of the Identity Provider you’ve added, click Activate and turn on identity Origin and then click Confirm.
Now all the users of the account, except for the Account Owner will be able to access Console using Google as the Identity Provider.