Set up SSO using 3rd party IdPs
Service provider SSO set up
The SAML-based Federated SSO article describes the SAML instance where Google is the identity provider (IdP). This article describes the SAML instance where Google is the service provider (SP) and uses 3rd party identity providers.
- Click Security > Set up single sign-on (SSO). Where is it?
- Check the Setup SSO with third party identity provider box.
- Enter the following URLs to your third-party Identity Provider (IdP).
Sign-in page URL: The page where users sign in to your system and to Google
Sign-out page URL: The page where users are redirected to after signing off
Note: All URLs must be entered, and must use HTTPS, for example https://sso.domain.com.
The issuer is the entity ID element in the SAML request to the IdP (identity provider).
You can choose whether to include a standard or domain specific issuer. When multiple domains are using SSO with the same IdP aggregator, a specific issuer can be parsed by the IdP aggregator to identify the correct domain name for the SAML request.
If you don't check the box to enable a domain specific issuer, Google will send the standard issuer, google.com, in the SAML request. If you check the box to enable this feature, Google will send an issuer specific to your domain, google.com/a/your_domain.com, where your_domain.com is replaced with your actual domain name.