This guide explains how to integrate Assertiv with Google GSuite using SAML. When this set up is complete, users will be able to log into GSuite using their Assertiv account.
Note: The screenshots used are for demonstrative purposes only and are accurate at time of writing. These screens can change over time. Please let us know if this document no longer reflects the application.
In order to configure GSuite for SAML SSO, you will need the following:
- A GSuite admin account and sufficient permissions to set up Security configuration in the Admin Console.
Create GSuite App in Assertiv
Log into your Assertiv Organization (https://<your-org>.assertiv.com) as an Admin user and select the Manage Apps dashboard tile.
Select the Create App button to create a new Application configuration in Assertiv.
Search for the GSuite application and select.
You will be prompted for some information on the following page.
Google GSuite Service Name : The name entered here will be used when displaying this app to end users from their Applications page and in administrative app configuration pages.
Signing Certificate: The certificate is used to create a trust relationship between Assertiv and your GSuite account. For advanced users, if you have created a certificate you wish to use, select it here. Otherwise (or if you are unsure) you can select "-- Generate New Signing Certificate --".
Save the configuration. When the save completes, you will be taken to the Edit Service page.
Enter your email domain in this configuration, and download the Public Signing Certificate for use in your GSuite configuration.
Save your application.
Open your GSuite Admin Console (https://admin.google.com) and log in as an Administrative user.
Navigate to the Security tile
Select Set up single sign-on (SSO) with a third party IdP.
On the following screen, supply the following information:
Sign-in page URL: This is supplied on the configuration page on Assertiv (SAML Login URL (Used in Google GSuite configuration)
Sign-out page URL: https://<your-org-name>.assertiv.com/sign-out
Verification Certificate: Upload the Public Signing Certificate file from Assertiv
Change password URL: https://<your-org-name>.assertiv.com/profile
Save this configuration.
Preparing for Rollout
When enabling this feature, non-admin users will be redirected to the Assertiv login page to login to Google services such as Google Mail. Make sure your existing GSuite users have an Assertiv account with a role (explained below) assigned to allow access to GSuite.
In order for your users to access Google GSuite using their Assertiv login, you must set up a role, assign users to the role, and give that role permission to access the application. This is required for testing the integration as well.
More details on roles can be found in the following articles