Add apps to the password vaulted apps service

This feature is available with G Suite Enterprise, Cloud Identity Premium, and G Suite Enterprise for Education.

G Suite supports Single Sign-On for apps that leverage federation through SAML. While many apps support this standard, there are thousands of apps that either do not support federation or customers prefer not to use this standard. Instead, these apps use credentials for sign-on. The password vaulted apps service enables you to manage access to these apps centrally and track the access to these apps.

To set up the password vaulted apps service, you'll need to add apps to the service by searching and choosing from the available web-based applications in the app library, or you can add a custom app. For instructions, see the sections below.

Important: Before you add apps to the password vaulted apps service, we recommend that you set up a new group structure in the Google Admin console that’s designed specifically for password vaulted apps. For instructions, see Get started with password vaulted apps.

Add apps from the app library

  1. Sign in to the Google Admin console at admin.google.com.
    Be sure to sign in with your administrator account and not with your personal Gmail account.
  2. From the Menu menu in the upper-left section of the page, go to Apps > Password vaulted apps.
  3. Click ADD APP.
  4. To search the library of available apps, type a name for the app.
    A list of matching applications is displayed.

    Note: If the app you're searching for doesn't exist in the library, you can add a custom app. For instructions, see Add a custom app below.
     
  5. Scroll over the app that you want to add, and click ADD APP.
  6. Enter the app details:
    In the App name field, type a custom display name that will appear on the user dashboard.
    If needed, enter both the app name and a Login URL. You would need to do this for apps with multiple installations (in other words, apps with multi-tenancy) and with different login URLs. 
  7. Click ADD APP.
  8. To assign a group or user to the app, click Assignments.
    Use the Groups or Users filter to narrow the assignment to a selected set of users. 
  9. Once you select the groups or users, click Grant access.

Add a custom app

If the web-based applications that you're looking for are not available in the app library, you can add a custom app to the password vaulted apps service. To add a custom app, you'll need to follow the steps below to retrieve details from the login page for the custom app. This process only works correctly for apps where the username field, password field, and submit button are located on the same login page.

Follow these steps: 

  1. Sign in to the Google Admin console at admin.google.com.
    Be sure to sign in with your administrator account and not with your personal Gmail account.
  2. From the Menu menu in the upper-left section of the page, go to Apps > Password vaulted apps.
  3. Click ADD APP.
  4. In the Search apps field, type custom app, hover your cursor over Custom App, and then click ADD APP.

    Note: You can also type the name of an app that doesn't exist in the app library, and then click ADD A CUSTOM APP.
     
  5. Enter the following app details for the custom app:
    1. App name—Type a custom display name that will appear on the user dashboard.
    2. Login URL—This is the full login URL for the custom app that you want to add to the password vaulted apps service. For example, enter https://solarmora.com if the login URL is https://solarmora.com.
    3. Login CSS Selector—Type a valid login CSS selector. (For details about CSS selectors, see CSS Selector Reference.)

      You'll need to retrieve the Login CSS Selector from the Login URL page described in the step above, and provide this information so that the Google system can find the login field for your app:
      1. From the login page, right-click on the username field, and choose Inspect. This opens your browser's DevTools console, and the DOM element of the username field is highlighted. The following text string is an example of a DOM element:

        <input type="text" class="inputtext _55r1 _6luy" name="email" placeholder="Email or Phone Number" aria-label="Email or Phone Number">
         
      2. Copy the ID attribute or name attribute from the highlighted DOM element—for example, name="email". If an ID attribute and name attribute are not available, then copy the type attribute. The ID and name attributes are recommended because they're unique to the DOM element. Other attributes also work if the attribute's value is unique to this DOM element.
      3. Using the above example, paste name="email" into the Login CSS Selector field, and add square brackets as follows: [name="email"]

        Note: This is simply an example of a string that you might enter in the Login CSS Selector field.
    4. Password CSS Selector—Type a valid password CSS selector.

      Similar to the step above, you'll need to retrieve the Password CSS Selector from the Login URL page:
      1. From the login page, right-click on the password field, and choose Inspect. This opens your browser's DevTools console, and the DOM element of the password field is highlighted.
      2. Copy the ID attribute or name attribute from the highlighted DOM element—for example, name="pass". If an ID attribute and name attribute are not available, then copy the type attribute. The ID and name attributes are recommended because they're unique to the DOM element. Other attributes also work if the attribute's value is unique to this DOM element.
      3. Using the above example, paste name="pass" into the Password CSS Selector field, and add square brackets as follows: [name="pass"]

        Note: This is simply an example of a string that you might enter in the Password CSS Selector field.
    5. Submit CSS Selector—Type a valid CSS selector for the submit button.

      Similar to the steps above, you'll need to retrieve the Submit CSS Selector from the Login URL page:
      1. From the login page, right-click on the login button, and choose Inspect. This opens your browser's DevTools console, and the DOM element of the login button is highlighted.
      2. Copy the ID attribute or name attribute from the highlighted DOM element—for example, name="login". If an ID attribute and name attribute are not available, then copy the type attribute. The ID and name attributes are recommended because they're unique to the DOM element. Other attributes also work if the attribute's value is unique to this DOM element.
      3. Using the above example, paste name="login" into the Submit CSS Selector field, and add square brackets as follows: [name="login"]

        Note: This is simply an example of a string that you might enter in the Submit CSS Selector field.

        As an optional step, you can test the validity of the CSS selectors by using document.querySelector. ​​For details, see these examples.
  6. Click ADD APP.
  7. To assign a group or user to the app, click Assignments.
    Use the Groups or Users filter to narrow the assignment to a selected set of users.
  8. Once you select the groups or users, click Grant access.

Related articles

 

Was this helpful?
How can we improve it?