This section describes how to integrate RSA SecurID Access with Google G Suite (formerly Google Apps) using a relying party. The relying party uses SAML 2.0 to integrate RSA SecurID Access as the SAML Identity Provider (IdP) for the Google G Suite SAML Service Provider (SP).
Architecture Diagram
Configure RSA Cloud Authentication Service
Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to Google G Suite.
Procedure
1. Sign in to the RSA Cloud Administration Console, browse to Authentication Clients > Relying Parties, and click Add a Relying Party.
2. From the Relying Party Catalog, select the +Add button for Service Provider SAML.
3. In the Basic Information section, enter a name and click Next Step.
4. In the Authentication section, do the following:
- Under Authentication Details, select RSA SecurID Access manages all authentication.
- Select appropriate primary and additional authentication methods.
- Click Next Step.
5. On the Connection Profile page, under the Service Provider Metadata section, enter the following details:
- Assertion Consumer Service (ACS) URL: Enter https://www.google.com/a/%DOMAIN%/acs, where %DOMAIN% is the domain name of your G Suite connected domain.
- Service Provider Entity ID: Enter google.com.
6. In the Message Protection section, click the Download Certificate button to download the certificate that the Cloud Authentication Service (CAS) uses to sign the assertion. This will be required in Step 4 of G Suite configuration.
7. Click Save and Finish.
8. Click the Publish Changes button in the top left corner of the page, and wait for the operation to complete.
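Before uploading the certificate from Step 6 to G Suite, it is worth confirming that the downloaded file really is an X.509 certificate, recording its fingerprint, and checking how long it remains valid, because G Suite verifies every signed assertion against this certificate. The following is an added example, not part of the RSA or Google procedure; it assumes the openssl command-line tool is installed and that the certificate was downloaded in PEM format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload check of the IdP signing certificate (Step 6).
# Assumption: the downloaded certificate is PEM-encoded.

# cert_sha256 FILE
#   Prints the SHA-256 fingerprint of the certificate as lowercase hex
#   without colons, so it can be recorded and compared later.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# check_idp_cert FILE [MIN_DAYS]
#   Returns 0 if FILE is a certificate valid for at least MIN_DAYS
#   (default 30), 1 if it expires sooner, 2 if it is not a certificate.
check_idp_cert() {
    cert=$1
    min_days=${2:-30}

    # Reject files openssl cannot parse, for example an HTML error page
    # saved by the browser instead of the certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "ERROR: $cert is not a PEM X.509 certificate" >&2
        return 2
    fi

    # Show who the certificate belongs to and its validity window.
    openssl x509 -in "$cert" -noout -subject -issuer -startdate -enddate
    echo "sha256=$(cert_sha256 "$cert")"

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "WARN: $cert expires within $min_days days" >&2
        return 1
    fi
    return 0
}

# Usage (the file name is a placeholder for the downloaded certificate):
#   check_idp_cert ./idp-signing-cert.pem 30
```

A return value of 1 means the certificate will need to be replaced in G Suite soon; SSO sign-ins fail once G Suite can no longer verify the assertion signature.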
Configure Google G Suite
Perform these steps to integrate Google G Suite with RSA SecurID Access as a Relying Party SAML SP.
Procedure
Note: The domain connected to your G Suite account must be verified before you can use a third-party SAML IdP. If the domain is not verified, follow https://support.google.com/a/answer/60216?hl=en&ref_topic=29190 to get your domain verified before proceeding.
1. Log in to the G Suite administrator console at https://admin.google.com.
2. Click on Security.
3. Click Set up single sign-on (SSO) with a third party IdP.
4. In the Third-party identity provider page, do the following:
- Enable the check-box beside Set up SSO with third-party identity provider.
- Sign-in Page URL: Enter <Company-ID>.auth.securid.com/saml-fe/sso, where <Company-ID> is the company ID of your Cloud Authentication Service.
- Sign-out page URL: Enter https://google.com.
- Verification certificate: Upload the certificate obtained from Step 6 of RSA Cloud Authentication Service configuration.
- Click Save.
Configuration is complete.