Google

In this document you are going to set up IDmelon as an external IdP to the Google.

Login to Google administration panel


In order to set up the connection, you will need to log into your Google administration panel.

Add Identity Provider


In the Google administration panel, from the side menu, navigate to the Security menu.

Then from the Security menu, select the Overview sub-menu.

alt

Then scroll down and navigate to Set up Single Sign-On (SSO) with a third-party IdP

alt

  • In Third-party SSO profile for your organization, click Add SSO profile.
  • Check the Set up SSO with third-party identity provider box.

Get all values for {..} from your IDmelon panel. If you are currently logged in here, you will see the replaced values instead.

  • Sign-in page URL: idp_single_sign_on_url
  • Sign-out page URL: idp_single_sign_on_url
  • Verification Certificate: idp_certificate_download_url
  • Click Save.

alt

Create an SSO profile

  • In the Single Sign-On (SSO) with third-party Identity Providers (IDPs) panel.
  • Scroll down to Third-party SSO profiles, click Add SAML profile.

alt

  • Enter a name for the profile.
  • IDP entity ID: idp_issuer_uri
  • Sign-in page URL: idp_single_sign_on_url
  • Upload certificate: idp_certificate_download_url
  • Click Save.

alt

IDmelon SAML configuration


After completing the previous Setup Google connection section and submitting the form, you can see a new IdP added to your list.

You should copy values of below fields from the SP details Under the SAML SSO profile to the IDmelon Panel:

  • Entity ID
  • ACS URL

alt

Manage SSO profile assignments


Scroll down and navigate to Manage SSO profile assignments.

  1. Choose Another SSO Profile.
  2. Select your Custom SSO config Select SSO profile.
  3. Choose Have Google prompt for their username, then redirect them to this profile’s IDP sign-in page..

You can choose Users, Groups, Organizational units to activate IDmelon SSO.

alt

Domain-specific service URLs


Scroll down and navigate to Domain-specific service URLs.

alt

Check Automatically redirect users to the third-party IdP in the following SSO profile box, To finally submit SSO profile.

Then Select SSO Profile for your organization, under the SSO profile field.

Click Save.

alt

API Token


  • In the Google Cloud console, enable the People API.
  • Create New Project :
    • Choose a custom name in Project name
    • Choose an organization in Location
    • Click CREATE

alt

  • Select your Custom Project.
  • Confirm project, then click NEXT.

alt

  • Click ENABLE.

alt

  • Then from Google Console, in APIs and services panel, click CREATE CREDENTIALS and choose each Api option which you want to use.

alt

  • Then the API will be created, and you can copy your needed values:
    • If you choose OAuth client ID.

alt