Tìm kiếm
Xóa tìm kiếm
Đóng tìm kiếm
ứng dụng Google
Menu chính
    Trang bạn đã yêu cầu hiện không có sẵn bằng ngôn ngữ của bạn. Bạn có thể chọn ngôn ngữ khác ở cuối trang hoặc dịch nhanh bất kỳ trang web nào sang ngôn ngữ mà bạn chọn, sử dụng tính năng dịch được tích hợp cài sẵn trong Google Chrome.

    Set up SSO using 3rd party IdPs

    Set up Single Sign-On (SSO) for G Suite accounts using third party identity providers

    This feature is available with the G Suite Enterprise or Business or Basic or Education edition.

    The SAML-based Federated SSO article describes the SAML instance where Google is the identity provider (IdP). This group of articles describes the SAML instance where Google is the service provider (SP) and uses 3rd party identity providers.

    To set up Google service provider SAML with 3rd party IdPs, step through the process by following the blue links or the arrows above: 

    SSO for G Suite support


    SSO  enables users to access all of their enterprise cloud applications—including administrators signing in to the Admin console—by signing in one time for all services. If a user tries to sign in to the Admin console or another Google service when SSO is set up, they are redirected to the SSO sign-in page.

    We provide a Security Assertion Markup Language (SAML)-based SSO API that you can use to integrate into your Lightweight Directory Access Protocol (LDAP), or other SSO system. LDAP is a networking protocol for querying and modifying directory services running over TCP/IP.

    SSO is also available on Chrome devices. For details, see Configure SAML Single Sign-On for Chrome Devices.

    Pre-2.1 Android devices use Google authentication. If you try to sign in with these devices, you are prompted for your full G Suite account email address (including username and domain) and you go directly to the application after you sign in. Google does not redirect you to the SSO sign-in page, regardless of the network mask.

    With iOS applications, when the SSO Sign-in page URL starts with "google." (or some variation), the Google iOS app is redirected to Safari. This causes the SSO process to fail. The full list of forbidden prefixes is:

    • googl.
    • google.
    • www.googl.
    • www.google.

    You'll need to change any SSO Sign-in page URLs with these prefixes.

    How does the password change URL affect password changes?

    If you specify a URL in the Change password URL option, all users, other than super administrators, who try to change their password at https://myaccount.google.com/ will be directed to the URL you specify. This setting applies even if you do not enable SSO. Also, network masks do not apply.

    Whether or not you've set the Change password URL option, when you've selected the checkbox Setup SSO with third party identity provider, the Require a change of password in the next sign in checkbox to force a user to change their password when they next sign in is disabled.

    I have a question that is not covered above.

    To resolve common issues, see Troubleshooting Single Sign-On. There are also a number of commercial products and system integrators that provide SSO products and professional services. Search the G Suite Marketplace for Google Cloud partners and other third parties that provide SSO assistance.

    Was this article helpful?
    How can we improve it?
    Sign in to your account

    Get account-specific help by signing in with your G Suite account email address, or learn how to get started with G Suite.