Google Workspace - SAML Relying Party Configuration - RSA Ready Implementation Guide
Originally Published: 2021-10-30

This article describes how to integrate RSA with Google Workspace (formerly G Suite) using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as Relying Party to Google Workspace.
Procedure

  1. Sign in to RSA Cloud Administration Console.
  2. Click Authentication Clients > Relying Parties.
  3. On the My Relying Parties page, click Add a Relying Party.
  4. On the Relying Party Catalog page, click Add for Service Provider SAML.
  5. On the Basic Information page, enter a name for the Service Provider in the Name field.
  6. Click Next Step.
  7. On the Authentication page, choose SecurID Access manages all authentication.
  8. In the Primary Authentication Method list, select your desired login method as either Password or SecurID.
  9. In the Access Policy for Additional Authentication list, select a policy that was previously configured.
  10. Select Next Step.
  11. On the Connection Profile page, click Enter Manually.
  12. In the Service Provider section, provide the following details:
    1. In the Assertion Consumer Service (ACS) URL field, enter https://www.google.com/a/%DOMAIN%/acs where %DOMAIN% is the domain name of your Google Workspace connected domain.
    2. In the Service Provider Entity ID field, enter google.com.
  13. In the Message Protection section, click Download Certificate to download the IDP signing certificate used by Cloud Authentication Service to sign the assertion. This is required during the Workspace configuration.
  14. In the Identity Provider section, make a note of the Entity ID text field value. This is required during the Workspace configuration.
  15. Click Save and Finish.
  16. Click Publish Changes and wait for the operation to complete.

Configure Google Workspace 

Perform these steps to configure Google Workspace.
Procedure
  1. Sign in to the Workspace administrator console at https://admin.google.com.
  2. Go to Security > Authentication > SSO with third-party IdP.
  3. On the SSO with third-party IdP page, do the following:
    1. Select the Set up SSO with third-party identity provider check box.
    2. In the Sign-in page URL field, enter the Identity Provider URL obtained from the RSA Cloud Authentication Service configuration.
    3. In the Sign-out page URL field, enter https://google.com.
    4. Verification certificate: Upload the public certificate extracted from RSA Cloud Authentication Service configuration.
  4. Click Save.
Note: The domain connected to your Workspace account must be verified before using third-party SAML IdP. If the domain is not verified, follow https://support.google.com/a/answer/60216?hl=en&ref_topic=29190 to get your domain verified before proceeding.

The configuration is complete.
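
To confirm that both sides agree after a test sign-in, the following added example (not part of the original guide, and not RSA or Google code) compares a decoded SAML response against the values entered above: the ACS URL, the Service Provider Entity ID google.com, and the IdP Entity ID noted in the RSA console. The domain example.com, the IdP Entity ID and the sample response are constructed; the script checks field values only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed values: use your own domain and the Entity ID noted in the RSA console.
DOMAIN = "example.com"
IDP_ENTITY_ID = "https://idp.example.test/entity"

# Constructed sample of a decoded SAML response (signature element omitted).
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="https://www.google.com/a/{DOMAIN}/acs">
  <saml:Assertion>
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://www.google.com/a/{DOMAIN}/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>google.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def acs_url(domain):
    """ACS URL from the Connection Profile step with %DOMAIN% filled in."""
    return f"https://www.google.com/a/{domain}/acs"

def check_response(xml_text, domain, idp_entity_id, sp_entity_id="google.com"):
    """Return a list of mismatches between the response and the configured values."""
    root, expected, problems = ET.fromstring(xml_text), acs_url(domain), []
    if root.get("Destination") != expected:
        problems.append(f"Destination is {root.get('Destination')!r}, expected {expected!r}")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion element found"]
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != idp_entity_id:
        problems.append(f"Issuer is {issuer!r}, expected {idp_entity_id!r}")
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        problems.append(f"Audience {audiences} does not include {sp_entity_id!r}")
    recipients = [e.get("Recipient")
                  for e in assertion.iterfind(".//saml:SubjectConfirmationData", NS)]
    if expected not in recipients:
        problems.append(f"Recipient {recipients} does not include {expected!r}")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, DOMAIN, IDP_ENTITY_ID) or "all configured values match")
```

An empty result means the response carries the ACS URL, Service Provider Entity ID and IdP Entity ID that were configured; any listed mismatch points at the field to correct in the Connection Profile.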
Return to Google Workspace - RSA Ready Implementation Guide.