Federated Directory cloud application
You must be signed in as a super administrator for this task.
Using Security Assertion Markup Language (SAML), your users can use their Google Cloud credentials to sign in to enterprise-cloud applications.
Set up SSO via SAML for Federated Directory
Here's how to set up single sign-on (SSO) via SAML for the Federated Directory® application.
Step 1: Get Google identity provider (IdP) information
- Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
- From the Admin console Home page, go to Apps > SAML apps.
To see Apps on the Home page, you might have to click More controls at the bottom.
- Click the plus (+) icon at bottom right.
- Locate and click Federated Directory in the application list.
- On the Google IDP Information page:
- Copy and save the SSO URL.
- Download the Certificate.
Leave the Admin console open. You'll continue with the SSO configuration wizard after performing the next step in the Federated Directory application.
- Open a new incognito browser window.
- Sign in to http://www.federated.directory with your organization's Federated Directory account.
- Click the menu icon at top left, then Directories.
- Select the directory you want to connect to G Suite, then the Config tab.
- Copy the id and save it (you'll need this value when you return to the Admin console to finish configuring SSO for Federated Directory).
- Under Authentication method, select SAML authentication.
- In the Login page URL field, enter the SSO URL you copied in Step 1.
- In the Verification certificate field, paste the contents of the certificate file you downloaded in Step 1.
- Click Save authentication method to save your changes, then close your incognito browser window and return to the Admin console to continue configuration.
- In the SSO configuration wizard, click Next.
The Basic information window shows the Application name and Description seen by users.
- Click Next.
- On the Service Provider Details page, edit the default contents of the ACS URL and Entity ID fields, replacing {directoryId} with the Directory ID you copied from the Federated Directory SSO settings in Step 2 above.
- Click Finish.
- Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
- From the Admin console Home page, go to Apps > SAML apps.
To see Apps on the Home page, you might have to click More controls at the bottom.
- Select Federated Directory.
- At the top right of the gray box, click Edit Service.
- To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
- To turn on or off a service only for users in an organizational unit:
- At the left, select the organizational unit.
- Select On or Off.
- To keep the service turned on or off even when the service is turned on or off for the parent organizational unit, click Override.
- If the organization's status is already Overridden, choose an option:
- Inherit—Reverts to the same setting as its parent.
- Save—Saves your new setting (even if the parent setting changes).
Learn more about organizational structure.
- Ensure that your Federated Directory user account email IDs match those in your Google domain.
- Close all browser windows.
- Open https://www.federated.directory/of/{your_company_name} and attempt to sign in. You should be automatically redirected to the Google sign in page.
- Enter your sign in credentials.
- After your sign in credentials are authenticated, you are automatically redirected back to Federated Directory.
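A pre-flight check for the values copied between the two consoles in the steps above, as an added example that is not part of the original page or of either product: it flags a leftover {directoryId} placeholder, a non-https URL (the https requirement is this example's assumption), and a pasted certificate that no longer matches the downloaded file. The function names, the sample certificate and the example.test hostnames are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def to_pem(der):
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


# Constructed stand-in for the downloaded file: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_PEM = to_pem(bytes([0x30, 0x03, 0x02, 0x01, 0x05]))


def cert_fingerprint(pem_text):
    """Return the SHA-256 hex digest of the single certificate in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one PEM certificate, found %d" % len(blocks))
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if not der or der[0] != 0x30:  # a DER certificate starts with an ASN.1 SEQUENCE tag
        raise ValueError("decoded data is not a DER SEQUENCE")
    return hashlib.sha256(der).hexdigest()


def check_sso_settings(sso_url, acs_url, entity_id, downloaded_pem, pasted_pem):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for name, value in (("SSO URL", sso_url), ("ACS URL", acs_url)):
        parsed = urlparse(value)
        if parsed.scheme != "https" or not parsed.netloc:  # https is this example's assumption
            problems.append(name + " is not an absolute https URL")
    for name, value in (("ACS URL", acs_url), ("Entity ID", entity_id)):
        if "{" in value or "}" in value:
            problems.append(name + " still contains a {directoryId} placeholder")
    try:
        if cert_fingerprint(downloaded_pem) != cert_fingerprint(pasted_pem):
            problems.append("pasted certificate differs from the downloaded one")
    except ValueError as exc:  # also covers base64 decoding errors
        problems.append("certificate problem: %s" % exc)
    return problems


if __name__ == "__main__":
    print(check_sso_settings("https://idp.example.test/sso", "https://sp.example.test/{directoryId}",
                             "sp-1234", SAMPLE_PEM, SAMPLE_PEM.replace("\n", "\r\n")))
```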
As a super administrator, you can automatically provision users in the Federated Directory application.