How to configure Google Apps for Work as an IDP for a PingOne for SaaS Apps

How to configure Google Apps for Work as an IDP for a PingOne for SaaS Apps

Published: 02/22/2016

Task 1: Collect IDP Metadata from the customer.

  1. Have the Google Apps for Work administrator provide you with their IDP metadata. This can be found in the Google Apps cpanel under Security > Set up single sign-on. Click the button to download IDP Metadata.

Task 2: Create a Manual Connection in PingOne

  1. Login to the PingOne Administration portal and click the Customer Connections tab.
  2. Click the Adding Connections link.
  3. Choose the Manual Connection option.
  4. Select the application you wish to enable in this connection.
  5. Set the Multiplexed option to Yes.
  6. Enter the Customer Email for this connection.
  7. Enter a Customer ID (idpid).
  8. Click the Select File button to browse to the metadata file that the Google Apps administrator sent you.
  9. Click Save Settings.

Task 3: Provide the customer with the SSO information from PingOne.

  1. You will provide your customer with the following information:
    • ACS URL: https://sso.connect.pingidentity.com/sso/sp/ACS.saml2?saasid=${saasid}
    • In the url above, you will replace ${saasid} with the saasid for your application (this will be displayed under the application name on the My Applications page)
    • EntityID: PingConnect

Task 4: Google Apps Administrator creates application in the Google Apps cpanel.

  1. Login to the Google Apps for work CPanel.
  2. Navigate to Apps>SAML Apps.
  3. Click Add a service/App to your domain.
  4. Choose Setup My own Custom App, and click Next.
  5. Enter the Application Name and Description, and upload a logo if desired, and click Next.
  6. Populate the ACS URL and Entity ID fields with the information from PingOne.
  7. Leave Start URL blank, unless required.
  8. NameID will automatically be set to the Primary Email address. Click Next.
  9. If your application requires additional attributes, you have the chance to add them here. If not, click Finish.
  10. Click OK on the final step of the wizard.
  11. By default, new applications are "OFF for all users". You can click the menu icon and choose ON for Everyone.
Category:
SaaS SSO , 
KB or other URL: