Configuring SAML Single Sign-On for Google Workspace Users9 minutes to read
ManageEngine PAM360 integrates seamlessly with Google Workspace (formerly G Suite), enabling organizations to leverage Google's robust identity and access management capabilities for secure Single Sign-On (SSO). By configuring PAM360 as a Service Provider (SP) and Google Workspace as an Identity Provider (IdP), users can centralize authentication processes, streamline access management, and enhance security through Google's advanced authentication mechanisms. This integration ensures that users can log in once via Google and gain access to PAM360 without re-authentication, providing a simplified and secure user experience. This help documentation covers the following topics in detail:
1. PrerequisitesTo configure PAM360 as an SP in the Google Cloud Console, you need SP details displayed in step 1 during the IdP configuration in PAM360. These details are necessary for setting up PAM360 as an SP on the Google Cloud Console, ensuring a seamless integration between PAM360 and Google. 2. Adding PAM360 to Google's Admin ConsoleFollow these steps to add PAM360 as a custom SAML application in Google's admin console.
3. Creating a Custom NameID AttributeThis section guides you through the steps to add a custom NameID attribute in the Google Admin Console, ensuring that the SAML assertions are correctly mapped and authenticated. Follow the instructions below to configure the required custom attribute for your AD users imported into PAM360.
After creating the custom attribute, it is essential to populate its value in the Domain\username format to ensure seamless authentication for AD users accessing PAM360. Follow these steps to update the attribute value:
4. Enabling User AccessAfter setting up SAML SSO, you must enable user access to the PAM360 custom SAML application within the Google Admin Console to allow users to log into PAM360 using SAML SSO. User access to the PAM360 custom SAML application is turned off by default. Follow these steps to enable user access:
You have successfully enabled user access for the custom PAM360 SAML application. Note: After setting up PAM360 as an SP in the Google Admin Console, you must configure Google as an IdP in PAM360 to establish it as a trusted entity. Access the PAM360 browser window and proceed with the IdP configuration starting from Step 2 - Configure Identity Provider Details. Follow the instructions in this link to complete Step 2 (Configure Identity Provider Details) and Step 3 (Configure SAML Properties) for setting up Google as the IdP for your desired access URL in PAM360. | |