EV Observe - Configure Google Workspace as a SAML Identity Provider

Last modified on 2023/05/31 16:50

Note: Google is in constant development. As such, some of the screens shown in the procedures below may be different from the ones in the final interface.

SAML (Security Assertion Markup Language) is used to enable single sign-on (SSO) between an identity provider (IDP) and a service provider.

This procedure enables SAML 2.0 authentication between EV Observe (the service provider) and the Google Identity platform (the identity provider). Once Google has authenticated users, they will be logged in to EV Observe using their Google account.

Notes

  • Only administrators can configure SAML authentication for Google Workspace.

Procedure: How to configure SAML authentication

Step 1: Retrieve information on your service provider, EV Observe

Note: You must be authorized to access the Administration menu.

1. Go to the Web app.

2. Select Administration > Integration > SAML in the menu.

3. (optional) Modify the default name of the SAML authentication.


4. Copy the EV Observe identification information found in the Entity ID and Assertion Consumer Service URL fields and paste it in your text editor in order to store it temporarily. It will be required when registering EV Observe on the Google Identity platform in step 2.
 

Step 2: Register your service provider, EV Observe, on the Google Identity platform (identity provider)

See the relevant Google documentation entitled Set up your own custom SAML application.

1. Log in to the Google Admin console.

2. Select Apps > Web and mobile apps > Add App > Add custom SAML app.

3. In the Google Identity Provider details page:

  • Click Download Metadata.
  • Save the file on your workstation.

The metadata file is generated by the identity provider. It contains the configuration information required by EV Observe for configuring SAML authentication in step 3.

4. In the Service Provider Details page, specify the ACS URL (Assertion Consumer Service URL) and Entity ID fields using your EV Observe values.

Note: These values were stored in your text editor in step 1: Entity ID and Assertion Consumer Service URL.

5. In the Attribute mapping page:

  • Click Add Mapping.
  • Add the Google Directory attribute in the Basic Information > Primary email field.
  • Select the email value.

6. Authorize access to the relevant users based on your groups or organizational units.

Note: Access is disabled by default for all users.
 

Step 3: Configure SAML authentication in EV Observe

1. Return to the Web app.

2. Open the SAML configuration window.

3. Import the metadata file generated by the identity provider.

  • Click Import XML.
  • Select the file you downloaded on your workstation when you registered EV Observe on the identity provider platform in step 2.

4. Ensure that the EV Observe login is identical to the user registered with the identity provider by entering the mail value in the Username attribute field.

   Without a specific binding on the Azure side, enter the value below.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddres

5. Click Enable SAML Authentication.

6. Configure user access for SAML authentication.
