Set up SSO using 3rd party IdPs

Best practices for third-party IdP SAML apps configurations

As an admin, you can use these security best practices when integrating G Suite with third-party identity providers (IdPs) to connect to Security Assertion Markup Language (SAML) applications.

Best practices for your third-party IdP configuration

  • Maintain good password policies, and enforce strong passwords. Implement 2-Step Verification (2SV). Google 2SV doesn't integrate with third-party identity providers (IdPs), so implement 2SV on the IdP side. Where possible, recommend security keys and mobile-app based solutions over text messages.

Best practices for your G Suite configuration

  • Disable user access to less secure apps. See Control access to less secure apps. By design, Internet Message Access Protocol (IMAP) and Simple Mail Transfer Protocol (SMTP) use password authentication and don’t offer the level of security that the Google web and OAuth login flows do.
  • Disable Post Office Protocol (POP) or Internet Message Access Protocol (IMAP) access. See Turn POP and IMAP off for users.
  • Maintain strong passwords for G Suite accounts. These passwords are less likely to be used, so they may represent an attack surface. See Manage your users' password settings.

Best practices for your user devices

  • Practice good cookie management. Google uses cookies to establish the relationship of a user to a device. Clear cookies or log out only when the device can no longer be associated with that user.
  • Use Google mobile apps. In addition to providing the best user experience, these apps offer security protections.
  • Update to the latest operating system version and security patches. To ensure the best protection for your users' mobile devices, tell them to accept the latest updates and security patches.