Google Suite
  • 18 Oct 2020

This article describes the two ways to set Google Suite as your identity provider: using Google Services or using Google SAML applications.

  • Configuring Google Suite as your IdP using Google Services
  • Generating the Google Client ID and Client Secret
  • Enabling the Admin SDK Service
  • Enabling and Configuring the Google Suite Connection
  • Access Error troubleshooting
  • Configuring Google Suite as your IdP using SAML
  • Configuring Perimeter 81

When choosing one over the other please keep in mind:

  • While (at the moment) a SAML integration does not lead to any additional costs on Google's side, applying this configuration using Google Services may increase your Google Suite pricing, depending on your Google customer tier.
  • A SAML integration enables you to force all users to authenticate using Google Suite, as opposed to setting up a Google Service which is more flexible and can be applied to particular groups of users only.

Configuring Google Suite as your IdP using Google Services

You can connect your Account to Google Suite by providing the Google Client ID and Client Secret to Perimeter 81. Follow the steps below:

  • Generate the Google Client ID and Client Secret
  • Enable the Admin SDK service
  • Enable and configure the Perimeter 81 GSuite Connection

Generating the Google Client ID and Client Secret

  1. While logged in to your Google admin account, go to the API Manager and then Credentials in the Management Portal on the left side (https://console.developers.google.com/projectselector/apis/credentials?pli=1).
    Follow steps 2-3 only if you do not already have a project defined on Google Cloud Platform.
  2. Select Create to create a new project.
  3. In the dialog box that appears, provide a Project name, answer Google's email- and privacy-related questions, and select Create.
  4. Under OAuth consent screen, set User Type to External and click Create.
    Set Application Type to Public and write down the Application Name (for example, Perimeter 81).
    Add “perimeter81.com” to the “Authorized domains” list under “Credentials” -> “OAuth consent screen”.

5. Please also fill in the application Homepage Link with your workspace URL and then select Save.

6. Google will take a moment to create your project. When the process completes, Google will prompt you to create the credentials you need.

7. Select Create credentials to display a pop-up menu listing the types of credentials you can create. Select the OAuth client ID option.

8. At this point, Google will display a warning banner that says, "To create an OAuth client ID, you must first set a product name on the consent screen." Select Configure consent screen to begin this process. Provide a Product Name that will be shown to users when they log in through Google.

At this point, you will be prompted to provide additional information about your newly-created app.

9. Select Web application, and enter Perimeter 81 as the name for the app.

10. Under Restrictions, enter the following information:

11. Select Create. Your Client ID and Client Secret will be displayed.

Google may show an "unverified app" screen before displaying the consent screen for your app. To remove the unverified app screen, complete the OAuth Developer Verification process.

12. Save your Client ID and Client Secret to enter into the Connection settings in Perimeter 81.

Enabling the Admin SDK Service

If you are planning to connect to Google Suite enterprise domains, you will need to enable the Admin SDK service.

  1. Navigate to the Library page of the API Manager.
  2. Select Admin SDK from the list of APIs.
  3. On the Admin SDK page, select Enable.

Enabling and Configuring the Google Suite Connection

  1. Log in to your Perimeter 81 Management Platform, and navigate to Settings and then Identity Providers.
  2. Select + Add Provider.
  3. Select G Suite/Google Cloud Identity.
  4. Fill in the Domain name, Domain aliases (optional), Google client ID, and Client secret.
  5. Select Done.
  6. You will need to configure your settings so that your app can use Google's Admin APIs. If you're the administrator, you can select Continue on the Connection's Settings page to do so. If not, provide the URL you're given to your administrator so that the required settings can be adjusted.
    You're all set. Google Suite is now connected and users should be able to log in with their GSuite account.

Configuring Google Suite as your IdP using SAML

  1. Open the G Suite management console.

  2. Select Apps.

  3. Select SAML apps then select the plus sign (+) icon in the bottom left corner.

  4. Select Setup My Own Custom App.

  5. Select Download Certificate, then select Next.

  6. Enter the desired name, description, and logo.

  7. Fill in the following information:

    • ACS URL: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
    • Entity URL: urn:auth0:perimeter81:{{WORKSPACE}}-oc
    • Make sure to replace {{WORKSPACE}} with your workspace name (for example, if you log in to the platform using myworkspace.perimeter81.com, replace {{WORKSPACE}} with myworkspace).
    • Name ID: Basic Information and Primary Email
    • Name ID Format: UNSPECIFIED

  8. Enter the following information:

    • email: Basic Information and Primary Email
    • family_name: Basic Information and Last Name
    • given_name: Basic Information and First Name
    • groups: Employee Details and Department

  9. Once the application has been created, select Status, and then turn it on for everyone.

Configuring Perimeter 81

You need to configure the integration from the Perimeter 81 side.

  1. Log in to your Perimeter 81 Management Platform, and navigate to Settings and then Identity Providers.
  2. Select + Add Provider.
  3. Select Okta Identity Cloud.
  4. Fill in SSO URL (step 2/5 in the Google console).
  5. Add your organization domain.
  6. Paste the certificate from the file you downloaded earlier (BEGIN and END lines included).
  7. Select Done.
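
A pre-flight check for the values entered in step 7 of the SAML setup and for the certificate text pasted into Perimeter 81, as an added example (not Perimeter 81's or Google's code). The function names and the workspace-name pattern are assumptions, and the sample PEM is constructed placeholder bytes rather than a real certificate.

```python
import base64
import hashlib
import re

# Templates copied from step 7 of the SAML section.
ACS_TEMPLATE = "https://auth.perimeter81.com/login/callback?connection={ws}-oc"
ENTITY_TEMPLATE = "urn:auth0:perimeter81:{ws}-oc"
# Assumption: workspace names use lowercase letters, digits and hyphens only.
WORKSPACE_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----")

# Constructed sample: placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")


def saml_values(workspace_or_host):
    """Return the ACS URL and Entity URL for a workspace name or login host."""
    ws = workspace_or_host.strip().lower()
    if ws.endswith(".perimeter81.com"):
        ws = ws[: -len(".perimeter81.com")]
    # Rejects a leftover {{WORKSPACE}} placeholder, spaces, dots and slashes.
    if not WORKSPACE_RE.match(ws):
        raise ValueError(f"not a usable workspace name: {workspace_or_host!r}")
    return {"acs_url": ACS_TEMPLATE.format(ws=ws),
            "entity_url": ENTITY_TEMPLATE.format(ws=ws)}


def pem_fingerprint(pem_text):
    """SHA-256 over the decoded body of the single PEM block in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one BEGIN/END CERTIFICATE block")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    print(saml_values("myworkspace.perimeter81.com"))
    print(pem_fingerprint(SAMPLE_PEM))
```

The check covers PEM framing and base64 only; it does not parse the X.509 structure or its validity dates.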