Google Suite

Perimeter 81 offers two ways different ways in order to set Google Suite as your identity provider: using Google Service (introduced at the beginning of this page) or using Google SAML applications (introduced at the second part of the page). When choosing one over the other please keep in mind:

  • While (at the moment) a SAML integration does not lead to any additional costs on Google's side, applying this configuration using Google Services may increase your Google Suite pricing, depending on your Google customer tier.
  • A SAML integration would enable you to force all users to authenticate using Google Suite, in opposed to setting up a Google Service which is more flexible and can be applied to particular groups of users only.

Configure a Google Suite as your Perimeter 81 IdP using Google Services

You can connect your Perimeter 81 Account to Google Suite by providing the Google Client ID and Client Secret to Perimeter 81. Follow the steps below:

  • Generate the Google Client ID and Client Secret
  • Enable the Admin SDK Service
  • Enable and Configure the Perimeter 81 GSuite Connection
 

Generate the Google Client ID and Client Secret

1. While logged in to your Google admin account, go to the API Manager and then Credentials in the Management Portal on the left side. (https://console.developers.google.com/projectselector/apis/credentials?pli=1)

You should follow steps 2-3 only in case you do not have already a project defined on Google Cloud Platform.

2. Select Create to create a new project.

mceclip0.png

3. In the dialog box that appears, provide a Project name, answer Google's email- and privacy-related questions, and select Create:
mceclip2.png

4. Under 0Auth consent screen, User Type is External

mceclip3.png
Click Create

Application Type is Public, write down the Application Name (for example, Perimeter 81)

You will need to add “perimeter81.com” into the “Authorized domains” list on “Credentials” -> “OAuth consent screen”.

 

5. Please also fill in the application Homepage Link with your workspace URL and then select Save.

6. Google will take a moment to create your project. When the process completes, Google will prompt you to create the credentials you need.

7. Select Create credentials to display a pop-up menu listing the types of credentials you can create. Select the OAuth client ID option.

8. At this point, Google will display a warning banner that says, "To create an OAuth client ID, you must first set a product name on the consent screen." Select Configure consent screen to begin this process. Provide a Product Name that will be shown to users when they log in through Google.

At this point, you will be prompted to provide additional information about your newly-created app.

9. Select Web application, and enter Perimeter 81 as the name for the app.

10. Under Restrictions, enter the following information:

11. Select Create. Your Client ID and Client Secret will be displayed.

Google may show an "unverified app" screen before displaying the consent screen for your app. To remove the unverified app screen, complete the OAuth Developer Verification process.

12. Save your Client Id and Client Secret to enter into the Connection settings in Perimeter 81.

 

Enable the Admin SDK Service

If you are planning to connect to Google Suite enterprise domains, you will need to enable the Admin SDK service.

1. Navigate to the Library page of the API Manager.

2. Select Admin SDK from the list of APIs.

3. On the Admin SDK page, select Enable.

 

Enable and Configure the Perimeter 81 Google Suite Connection

1. Log in to your Perimeter 81 management dashboard, and navigate to Settings and then Identity Providers.

add_provider1.png

2. Select + Add Provider.

3. Select G Suite/Google Cloud Identity.

4. Fill in the Domain name, Domain aliases (optional), Google client ID and Client secret.

5. Select Done.

6. You will need to configure your settings so that your app can use Google's Admin APIs. If you're the administrator, you can select Continue on the Connection's Settings page to do so. If not, provide the URL you're given to your administrator so that the required settings can be adjusted.

You're all set. Google Suite is now connected and users should be able to login with their GSuite account.

Access Error troubleshooting

If your users are getting access error after the configuration, please check these steps.

Configure Google Suite as your Perimeter 81 IdP using SAML

1. Open the G Suite management console.

2. Select Apps.

image7.png

3. Select SAML apps then select the plus sign (+) icon in the bottom left corner.

image4.png

4. Select Setup My Own Custom App.

image1.png

5. Select Download Certificate, then select Next.

image3.png

6. Enter a desired name, description, and logo.

image8.png

 

7. Fill in according to the following:

  • ACS URLhttps://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
  • Entity URLurn:auth0:perimeter81:{{WORKSPACE}}-oc
  • Make sure to replace {{WORKSPACE}} with your workspace name (for example, if you log in to the platform using myworkspace.perimeter81.com, replace {{WORKSPACE}} with myworkspace)
  • Name ID: Basic Information and Primary Email
  • Name ID Format: UNSPECIFIED

image2.png

8. Enter the following information:

email: Basic Information and Primary Email
family_name: Basic Information and Last Name
given_name: Basic Information and First Name
groups: Employee Details and Department

image6.png

9. Once the application has been created select Status, and then turn on for everyone.

image5.png

Configure Perimeter 81

You need to configure the integration from the Perimeter 81 side.

1. Log in to your Perimeter 81 management dashboard, and navigate to Settings and then Identity Providers.

add_provider1.png

2. Select + Add Provider.

3. Select Okta Identity Cloud.

4. Fill in SSO URL (step 2/5 in the Google console).

5. Add your organization domain.

6. Paste the certification from the file you downloaded before (begin and end line included).

okta-add_on_p81.png

7. Select Done.

 

 

 

 

 

 

 

 

 

 

 

 

 

1 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.