Configuring Google Apps to authenticate with SAML2 enterprise authentication using Ipsilon.
This guide describes how to set up Google Apps as a SAML2 service provider (SP) that authenticates against Ipsilon.
This guide has been tested with:
but is known to work with other versions.
Go to your Ipsilon web management URL and log in with an administrator account. Then go to Administration -> Identity Providers -> SAML2 -> Manage, and click Add New. For the name you can enter anything you like; for Metadata text, enter the following (replacing both occurrences of "mydomain.com" with your Google Apps domain name):
<EntityDescriptor entityID="google.com/a/mydomain.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                              Location="https://www.google.com/a/mydomain.com/acs" />
  </SPSSODescriptor>
</EntityDescriptor>
Now click Add.
Now wait about 15 minutes for Google to sync this out.
Log out if you are logged in. Go to any Google login page, and enter your Apps email address. You should now be forwarded to Ipsilon to log in, and afterwards sent back to Google, logged in.
Note: Google will not redirect you to Ipsilon if you enter an Admin account email address or one that is unknown to them.
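A pre-flight check for the Metadata text from the Ipsilon step, as an added example that is not part of the original guide or of Ipsilon: it confirms that both occurrences of the placeholder were replaced and that the assertion consumer service is the HTTPS, HTTP-POST endpoint from the template. The function name check_sp_metadata and the domain example.org are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
PLACEHOLDER = "mydomain.com"  # placeholder domain used in the guide's template


def check_sp_metadata(xml_text, domain):
    """Return a list of problems in Google Apps SP metadata for `domain` (hypothetical helper)."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", domain):
        return ["domain is not a plain DNS name"]
    if domain != PLACEHOLDER and PLACEHOLDER in xml_text:
        problems.append("placeholder mydomain.com still present")
    root = ET.fromstring(xml_text)  # admin-supplied text; raises ParseError if malformed
    if root.tag != "{%s}EntityDescriptor" % MD:
        return problems + ["root element is not a SAML2 EntityDescriptor"]
    if root.get("entityID") != "google.com/a/" + domain:
        problems.append("entityID does not name " + domain)
    acs_list = root.findall("{%s}SPSSODescriptor/{%s}AssertionConsumerService" % (MD, MD))
    if not acs_list:
        problems.append("no AssertionConsumerService element")
    for acs in acs_list:
        if acs.get("Binding") != POST:
            problems.append("ACS binding is not HTTP-POST")
        # The IdP posts signed assertions here, so it must match the template exactly.
        if acs.get("Location") != "https://www.google.com/a/%s/acs" % domain:
            problems.append("ACS Location is not Google's HTTPS ACS for " + domain)
    return problems


# The guide's template, then two constructed variants for the sample domain.
TEMPLATE = """<EntityDescriptor entityID="google.com/a/mydomain.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
<AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://www.google.com/a/mydomain.com/acs" />
</SPSSODescriptor>
</EntityDescriptor>"""
GOOD = TEMPLATE.replace(PLACEHOLDER, "example.org")
HALF = TEMPLATE.replace(PLACEHOLDER, "example.org", 1)  # only the entityID was edited

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("half-edited", HALF)):
        print(label, check_sp_metadata(text, "example.org") or "OK")
```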