SAML Authentication Settings in Google G Suite

This section explains how to register learningBOX as a SAML application for Google G Suite.


Configuration Flow

1. Log in to the G Suite management console and select the "Apps" section.

2. Select "SAML Application" and click the "+" icon in the lower right corner.

3. Clicking the "+" icon displays the SAML application setup wizard.
Select "Custom App Setup" at the bottom of the screen.

4. Settings on the learningBOX side (the SP)

Google's IdP information is displayed. Enter it into the SAML detailed settings screen on the learningBOX side.
In the Site Customizer, select "Basic Settings" > "Integrate with External Systems" > "Use SAML" and turn "Use SAML" On.
Enter the "SSO URL" in the "HTTP-POST URL" field,
enter the "Entity ID" in the "Issue URL (IdP Entity ID)" field,
and paste the downloaded certificate into "X509Certificate".
Save the settings.
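A copy-paste slip in the certificate or the wrong SSO endpoint in step 4 breaks login, so it helps to derive the three values mechanically. The following is an added example, not part of the original page or of learningBOX's own tooling: it assumes you also downloaded the IdP metadata XML from the same Google setup screen, and the sample metadata, its URLs, the dummy certificate bytes and the `sha256_fingerprint` key are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def learningbox_idp_values(metadata_xml):
    """Map IdP metadata onto the three learningBOX fields named in step 4."""
    root = ET.fromstring(metadata_xml)  # parse only metadata from your own admin console
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None or not root.get("entityID"):
        raise ValueError("not a single-entity IdP metadata document")
    post = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == HTTP_POST]
    if len(post) != 1 or not post[0].startswith("https://"):
        raise ValueError("expected exactly one https HTTP-POST SSO endpoint")
    certs = [c.text or "" for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")
             for c in k.findall(".//ds:X509Certificate", NS)]
    if len(certs) != 1:
        raise ValueError("expected exactly one signing certificate")
    b64 = "".join(certs[0].split())             # drop line wraps and indentation
    der = base64.b64decode(b64, validate=True)  # rejects stray non-base64 characters
    return {"HTTP-POST URL": post[0],
            "Issue URL (IdP Entity ID)": root.get("entityID"),
            "X509Certificate": b64,
            "sha256_fingerprint": hashlib.sha256(der).hexdigest()}

# Constructed sample: placeholder URLs and dummy bytes standing in for a certificate.
DUMMY_DER = b"constructed dummy certificate bytes"
_b64 = base64.b64encode(DUMMY_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://idp.example.test/saml?idpid=PLACEHOLDER">
  <md:IDPSSODescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
      <ds:X509Certificate>{_b64[:16]}
        {_b64[16:]}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso-redirect"/>
    <md:SingleSignOnService Binding="{HTTP_POST}"
        Location="https://idp.example.test/sso-post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for field, value in learningbox_idp_values(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

Comparing the printed fingerprint with the SHA-256 fingerprint of the certificate file you downloaded confirms that the value pasted into "X509Certificate" is the same certificate.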

5. Setup on the G Suite side (the IdP)

First, enter basic information about the SAML application.
Press "Next" to proceed to the basic information entry screen.

Set "learningBOX" as the application name and, for the logo image, use an image such as the learningBOX logo.

Then, enter various information about the learningBOX.

On the learningBOX side, select "Basic Settings" > "Connect with External Systems" > "Use SAML" in the Site Customizer and open the tab "SP (learningBOX) Configuration Information" to display the learningBOX information.
Enter the "ACS URL for learningBOX" in "ACS URL."
Enter the "Entity ID of learningBOX" in "Entity ID."
Enter the "learningBOX Login URL" in the "Start URL" field.
Tick "Signed Response", select "Basic Information - Main Email Address" for Name ID, and select "UNSPECIFIED" for the Name ID format.

6. Attribute Mapping
Since learningBOX links accounts based on the user's email address and domain information, no special configuration is required.
Click "Done."

You will now be redirected to the G Suite login screen and SAML authentication will be activated.
At this point, however, only the owner administrator can use learningBOX's SAML authentication.
To enable SAML authentication for other users, click on "Edit Service" from the SAML app settings and change the status of the service to the desired target.

After the change, you can log in from the dedicated learningBOX page.
Single sign-on is also possible from the G Suite application screen.

If you have enabled SAML authentication for G Suite

If you have enabled SAML authentication in G Suite, please turn off the Google account authentication toggle and turn only the SAML toggle On.
