Rublon 2FA for G Suite

Last updated on February 15, 2024

Overview

The purpose of this document is to introduce Rublon Authentication (Rublon Access Gateway) into the G Suite authentication process and enable the Two-Factor authentication process for G Suite users. To be able to achieve that, it is required to create a Rublon Access Gateway application as well as configure several SSO settings on the G Suite administration panel site. All needed steps will be described within this document.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push	✔	N/A
WebAuthn/U2F Security Key	✔	N/A
Passcode	✔	N/A
SMS Passcode	✔	N/A
SMS Link	✔	N/A
Phone Call	✔	N/A
QR Code	✔	N/A
Email Link	✔	N/A
YubiKey OTP Security Key	✔	N/A

Installation

Required Components:

1. Rublon Access Gateway
2. G Suite account with access to the administrator panel

Download the Rublon Access Gateway certificate

1. Sign in to Rublon Access Gateway
2. Go to Applications → All applications
3. Click the Download Certificate button
   
4. Go into your G Suite SSO settings and add the app to Rublon Access Gateway

Configure G Suite SSO settings

1. Login as super admin to G Suite admin console.
2. Select Security.
   

   

3. Choose the Single Sign On tab:
   

   

4. Fill the required component data from Rublon Access Gateway metadata.
   

   

   1. Check the Setup SSO with third party identity provider checkbox – this will enable and force Single Sign on.
   2. Copy the SSO URL from Rublon Access Gateway to Sign-in page URL
   3. Copy the Logout URL from Rublon Access Gateway to Sign-out URL
   4. In the Verification certificate field, select the Rublon Access Gateway certificate you have downloaded before and upload it.
   5. Check the Use a domain specific issuer checkbox.
5. Save your configuration.

Create a new application in Rublon Access Gateway

1. Login into your Rublon Access Gateway instance.
2. Open the Applications tab.
3. Select the Add application subtab.
   
4. Fill the form with data:
   1. Application name – will be displayed in the Rublon Admin Console
   2. Entity ID – google.com/a/your_domain
   3. Assertion Consumer Service – https://www.google.com/a/your_domain/acs
   4. Single Logout Service – https://google.com/a/out/tld/?logout
   5. NameID Format – urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
   6. NameID attribute– “mail”
   7. Check Sign response
   8. Add the previously downloaded certificate from Rublon Access Gateway in the Certificate for singing field
5. Click the SAVE button to save the changes.

Check the integration with G Suite

Go to Google account login page

Provide your email, e.g. “username@your_domain” and / or password.

NOTE: You can not use the account with super admin privileges.

Provide your login and password

Choose one of the available methods to complete Rublon second factor authentication

Get access to your Google account

Troubleshooting

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Access Gateway

Rublon Access Gateway – Integrations