All geek questions in one place

Google Apps as an Identity Provider

Can I use Google Apps as an identity provider in setting up SAML single sign-on? I planned to use simpleSAML.php and I know that you can create authentication modules, but I was wondering if it is possible to create an authentication module using Google as an identity provider through the provisioning API?

We’re about to deploy a Chromebook - and they still don’t integrate with SSO, only with the main list of Google Apps users. So instead of working with something like Ping Identity, it would be better to just use Google Apps as our identity provider to authenticate our other web applications.

Hope this makes sense.

+4
source share
3 answers

Google Accounts (Apps) can be used as an OpenID identity provider. Having implemented the application as a relying party, you can authenticate your users based on your Google accounts. Google Login: http://code.google.com/googleapps/domain/sso/openid_reference_implementation.html

With SAML SSO, Google acts as a relying party. Although it can be used with the preparation API and clientLogin, it is not supported and, possibly, against Google Apps ToS,

+3
source

YES, since a few months ago. This is actually quite simple. You can follow these two links for current information:

https://support.google.com/a/answer/6087519?hl=en

https://robinpowered.com/blog/how-to-set-up-saml-with-google-apps/

+6
source

No, you cannot use Google as a SAML identity provider, only as a service provider.

(as per answer from @ jukka-dahlbom)

+2
source

Source: https://habr.com/ru/post/1394093/

More articles:


All Articles