Google G Suite - SAML Relying Party Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development Employee on Aug 6, 2020
Version 1Show Document
  • View in full screen mode

This section describes how to integrate RSA SecurID Access with Google G Suite (formerly Google Apps) using Relying Party. Relying party uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) to Google G Suite SAML Service Provider (SP).

Architecture Diagram

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to GoogleG Suite .

Procedure

1. Sign into the RSA Cloud Administration Console and browse to Authentication Clients > Relying Parties and click Add a Relying Party.

2. From the Relying Party Catalog, select the +Add button for Service Provider SAML.

3. In the Basic Information section, enter a name and click Next Step.

4. In the Authentication section, do the following:

  1. Under Authentication Details, select RSA SecurID Access manages all authentication.
  2. Select appropriate primary and additional authentication methods.
  3. Click Next Step.

5. On the Connection Profile page, under the Service Provider Metadata section, enter the following details:

  1. Assertion Consumer Service (ACS) URL: Enter https://www.google.com/a/%DOMAIN%/acs, where %DOMAIN% is the domain name of your G Suite connected domain.
  2. Service Provider Entity ID: Enter google.com.

6. In the Message Protection section, click on Download Certificate button to download the certificate used by CAS to sign the assertion. This will be required in Step 4 of G Suite configuration.

7. Click Save and Finish.

8. Click the Publish Changes button in the top left corner of the page, and wait for the operation to complete.

 

Configure Google G Suite

Perform these steps to integrate Google G Suite with RSA SecurID Access as a Relying Party SAML SP.

Procedure

Note:  The Domain connected to your G Suite account needs to be verified prior to using third party SAML IdP. If the domain is not verified, follow https://support.google.com/a/answer/60216?hl=en&ref_topic=29190 to get your domain verified before proceeding.

1. Log in to the G Suite administrator console at https://admin.google.com.

2. Click on Security.

3. Click Set up single sign-on (SSO) with a third party IdP.

4. In the Third-party identity provider page, do the following:

  1. Enable the check-box beside Set up SSO with third-party identity provider
  2. Sign-in Page URL: Enter <Company-ID>.auth.securid.com/saml-fe/sso, where <Company-ID> id the company ID of your Cloud Authentication Service.
  3. Sign-out page URL: Enter https://google.com.
  4. Verification certificate: Upload the certificate obtained from Step 6 of RSA Cloud Authentication Service configuration.
  5. Click Save.

 

Configuration is complete.

Return to the main page for more certification related information.

 
You are here
Google G Suite - SAML Relying Party Configuration - RSA Ready SecurID Access Implementation Guide

Attachments

    Outcomes