This document describes how to add Rublon Authentication (Rublon Access Gateway) to the G Suite sign-in process and enable Two-Factor Authentication for G Suite users. To do this, you need to create an application in Rublon Access Gateway and configure several SSO settings in the G Suite admin console. All required steps are described in this document.
- Rublon Access Gateway
- G Suite account with access to admin panel
Download Rublon Access Gateway certificate
- Sign in to Rublon Access Gateway
- Go to Applications->All applications
- Download certificate
- You will need it in the G Suite SSO settings and when adding the application to Rublon Access Gateway
Configure G Suite SSO settings
- Log in as a super admin to the G Suite admin console
- Choose Security:
- Choose Single Sign On tab:
- Fill in the required fields with data from the Rublon Access Gateway metadata.
- Check the “Setup SSO with third party identity provider” checkbox. This will enable and force Single Sign-On.
- Copy the SSO URL from Rublon Access Gateway to Sign-in page URL
- Copy the Logout URL from Rublon Access Gateway to Sign-out URL
- In the Verification certificate field, select the Rublon Access Gateway certificate that you downloaded earlier and upload it.
- Check “Use a domain specific issuer” checkbox
- Save Configuration
Create new application in Rublon Access Gateway
- Log in to your Rublon Access Gateway instance.
- Open “Applications” perspective.
- Select “Add application” tab.
- Fill in the form with the following data:
- Application name – will be displayed in Rublon Admin Console
- Entity ID – google.com/a/your_domain
- Assertion Consumer Service – https://www.google.com/a/your_domain/acs
- Single Logout Service – https://google.com/a/out/tld/?logout
- NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- NameID attribute – “mail”
- Check “Sign response”
- Add the previously downloaded certificate from Rublon Access Gateway to the “Certificate for signing” field
Check integration with G Suite
Go to the Google account login page
Provide an email, e.g. “[email protected]_domain”, and / or password
NOTE: You cannot use a Super Admin account
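When a test login fails, it helps to compare a decoded SAML response against the values entered in the application form. The following is an added example, not Rublon or Google code; it assumes the usual SAML 2.0 response layout, and the function names, the `example.com` domain and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def check_response(xml_text, domain):
    """Return mismatches between a decoded SAML response and the form values."""
    # Only the presence of a signature is checked, not its validity.
    # Use a hardened parser (e.g. defusedxml) for XML you did not produce yourself.
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != f"https://www.google.com/a/{domain}/acs":
        problems.append("Destination does not match the Assertion Consumer Service URL")
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed ('Sign response' unchecked?)")
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if audience != f"google.com/a/{domain}":
        problems.append("Audience does not match the Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("NameID is missing")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is not emailAddress")
        if not (name_id.text or "").strip().lower().endswith("@" + domain):
            problems.append("NameID is not a mail address in the domain")
    return problems


def sample(signed=True, fmt=EMAIL_FORMAT, user="alice@example.com"):
    """Build a constructed response for example.com (signature element left empty)."""
    sig = "<ds:Signature/>" if signed else ""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
        'Destination="https://www.google.com/a/example.com/acs">'
        f'{sig}<saml:Assertion><saml:Subject>'
        f'<saml:NameID Format="{fmt}">{user}</saml:NameID></saml:Subject>'
        '<saml:Conditions><saml:AudienceRestriction>'
        '<saml:Audience>google.com/a/example.com</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>'
    )


if __name__ == "__main__":
    print(check_response(sample(signed=False), "example.com"))
```

An empty list means the response agrees with the Entity ID, Assertion Consumer Service, NameID and “Sign response” settings listed above.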