Introduction
The main purpose of establishing a Single Sign On (SSO) process with Absorb is to allow your users a single point of entry into your system while providing them access to multiple other independent systems. With this process a user logs in with a single ID to gain access to a multitude of other systems without being prompted for different usernames and passwords.
This article discusses configuration of SSO using Google Workspace. For the purposes of this article the Absorb system will act as the Service provider (SP). Your Google Workspace account will act as the Identity Provider (IdP).
Please note that SSO is an additional feature that usually involves an additional fee and technical resources on the client side to develop and/or configure the solution.
Disclaimer: Absorb LMS supports Incoming SAML 2.0 Single Sign-On as a feature, however we do not officially support any specific client-side (IdP) solution. Although Google Workspace is known to generally work with our implementation of SAML SSO, it is the client's responsibility to configure/develop and maintain their side of the integration. This will require a client resource who is knowledgeable and familiar with their particular Google Workspace instance. This guide is provided to our clients as a convenience only, based on our past experience working with clients who employ Google Workspace .
- Instructions: Configuring Google Workspace
- Instructions: Find Your Login URL
- Instructions: Absorb Setup
Instructions: Configuring Google Workspace
Note: To enlarge thumbnail images, right-click on picture and select "Open image in new tab".
Step |
Action | Image |
---|---|---|
1. | Login to your G-Suite Admin Console. | |
2. | Select Apps. | |
3. | Select SAML apps. | |
4. | Click on the + icon on the bottom right of the page to create a new SAML app. | |
5. | Select SETUP MY OWN CUSTOM APP. | |
6. |
Download the certificate and save it for use in a later step. Click the DOWNLOAD button and then select NEXT. |
|
7. | Enter an Application Name (for Google Workspace admin reference) and a description/logo if desired; then click NEXT. | |
8. | Enter your Absorb ACS URL (generally speaking, this URL follows the format of https://company.myabsorb.com/api/rest/v2/authentication/saml) | |
9. | The Entity ID is identical to the ACS URL. | |
10. | Set the Name ID field to the user profile field in Google Workspace that Absorb should match. | |
11. | Leave the Name ID Format as UNSPECIFIED. | |
12. | Attribute mapping is used for account provisioning (also known as just-in-time provisioning), and is outside the scope of this guide. You may leave this section blank and click FINISH. An example provisioning setup is shown, however for full details, see our SSO Account Provisioning article here: https://support.absorblms.com/hc/en-us/articles/360014083294-Incoming-SAML-2-0-SSO-Account-Provisioning |
|
13. | Select EDIT SERVICE. | |
14. | Select ON for everyone or navigate to the specific organizational unit you'd like to enable and set the service status to ON for that unit, then save. |
Instructions: Find Your Login URL
Once the app is turned on in Google Workspace (step 14 above) it will display in the list of apps in the top right corner of Google Workspace . Note that you may need to click More and scroll down to find it in the list, as shown below. Once the app is turned on in Google Workspace (step 14 above) it will display in the list of apps in the top right corner of Google Workspace.
Note: To enlarge thumbnail images, right-click on picture and select "Open image in new tab".
Step | Action | Image |
---|---|---|
1. | Note that you may need to click More and scroll down to find it in the list, as shown below. | |
2. |
Right click the app icon and ‘Copy link address’. This is our IdP initiated URL, and we’ll add it to the Login URL field in Absorb Portal Settings. |
Instructions: Absorb Setup
Note: To enlarge thumbnail images, right-click on picture and select "Open image in new tab".
Step | Action | Image |
---|---|---|
1. |
Login to the Absorb admin portal as a System Admin and navigate to Portal Settings. From Portal Settings, there is a button in the right-side menu labelled Manage SSO Settings. If you can't see this button, please contact your Absorb Client Success Manager to discuss enabling the feature. |
|
2. | Once you have clicked the button, you will be brought to the Manage Single Sign-On Settings page. Any existing configurations will appear here, as well as the option to Add a new one.
Click Add and fill in the fields as shown below.
|
|
3. | Set the Id Property to the user profile field in Absorb that your Google Workspace Name ID should match. | |
4. | The Signature Type will be Sha1 | |
5. | The Login URL should be the 'SSO URL' value above. | |
6. | The Logout URL should be left blank. Google currently does not support SAML Single Log Out as an identity or service provider. | |
7. | Set Automatically Redirect as desired.
|
|
8. | Assign which routes in your portal you would like to associate with this SSO configuration. | |
9. | Save your configuration. |
Comments
Please sign in to leave a comment.