Google Apps Security
miniOrange provides a ready to use solution for Google Apps. This solution ensures that you are ready to roll out secure access to Google Apps to your employees within minutes.

Note : The information contained on this page does not create a joint venture, partnership, agency or other form of association, or an express or implied license grant by either party to the other under any patent, trademark, copyright, trade secret or other intellectual property right.

Google Apps Security


miniOrange provides secure access to Google Apps for enterprises and full control over access of Google Apps application, Single Sign On (SSO) into your Google Apps Account with one set of login credentials. miniOrange prevents frauds with its dynamic risk engine in conjunction with enterprise specific security policy. We support a combination of the Device Id, Location and Time of access as multi-factor authentication that can detect and block fraud in real-time, without any interaction with the user. Now you can restrict use of Google Apps only within intranet and block user access from outside network.

Contents


  • Google apps Single Sign On using existing IdP

    miniOrange allow you to restrict use of Google Apps only within intranet ( office premises ) and blocks user access from outside network. Also you can keep access open for some users from outside network by creating different group for them.


    1. Setting up Google Apps as Service Provider

    2. Restrict IPs for Single Sign On to Google Apps

  • Single Sign On with Google Apps

    Login to your applications with Google Apps as IdP. Click here to check the step-by-step guides to configure Google Apps as IdP for Single Sign On to WordPress or Canvas LMS.



Follow the Step-by-Step Guide given below for Restrict Google Apps Access.


Step 1: Configure Single Sign On (SSO) Settings for Google Apps

Step 2: Steps to restrict access of Google Apps outside office premises(IP Based restriction)

Step 3: Setup Single Sign On for your domain in Google Apps

Step 4: Now sign in to your Google Apps account with miniOrange IdP by either of the two steps:

    1. Using SP initiated login :-

    1. Go to http://mail.[domain_name], enter your Email Address and click on Login. Now you will be redirected to miniOrange IdP Sign On Page.


    2. Enter your miniOrange login credential and click on Login. You will be automatically logged in to your Google Apps account.

    2. Using IdP initiated login :-

    1. Login to your miniOrange Self Service Console as an End User and click on the Google Apps icon on your Dashboard.

OR


Follow the Step-by-Step Guide given below to configure Google Apps as IdP to Single Sign On to WordPress.

STEP 1: Configure Wordpress site as SAML Service Provider in Google Apps

  • Go to https://admin.google.com and login to your Google Apps Administrator account.
  • On the Admin Home, select More Controls > Apps.


  • In the App Settings, select SAML apps.
  • Click on the "+" button at the bottom right corner to create a new SAML app.
  • Now select SETUP MY OWN CUSTOM APP from the popup.


  • On the next screen, note down the SSO URL, Entity ID URLs and download the certificate. These will be required while configuring the Plugin.
  • Once you have noted down the URLs and downloaded the certificate, click on Next.
  • Enter the Application Name and Description. Click on Next.
  • Configure the following things on the next screen:
  • ACS URL ACS (AssertionConsumerService) URL from Step1 of the plugin under How to Setup SP in Google Apps Tab.
    Entity ID SP-EntityID / Issuer from Step1 of the plugin under How to Setup SP in Google Apps Tab.
    Signed Response Checked
    Name ID Select Basic Information from the first dropdown. Then Primary Email from the second dropdown.


  • Click on Next. Then click on Finish.
  • Now go to SAML Apps again. Click on the menu link corresponding to your app (See the screenshot). Then select ON for everyone.



  • From the popup, Click on TURN ON FOR EVERYONE.

STEP 2: Configuring Google Apps as Identity Provider in Wordpress Login with Google Apps plugin

  • In miniOrange Login with Google Apps plugin, go to IDP Setup tab and enter the following details:
  • Identity provider Name: GoogleApps
    SAML Login URL The SSO URL that you noted down while configuring the Wordpress site in Google Apps.
    IdP Entity ID or Issuer The Entity ID that you noted down while configuring the Wordpress site in Google Apps.
    X.509 Certificate Open the downloaded certificate in the Notepad. Copy paste the entire content of the file here.
    Response Signed Checked
    Assertion Signed UnChecked
  • Click Save to configure the plugin and test the configuration by clicking on Test Configuration.


Follow the Step-by-Step Guide given below to configure Google Apps as IdP to Single Sign On to Canvas using miniOrange broker service.


STEP 1: Identify your primary Identity source and configure it in miniOrange.

  • Configure Google Apps to register the miniOrange broker service.
  • Enter following details for Service Provider details in Google Apps configuration:
  • ACS Url https://auth.miniorange.com/moas/broker/login/saml/acs/<YOUR_CUSTOMER_KEY>
    SP Entity ID https://auth.miniorange.com/moas/
  • Click here to login to miniOrange admin dashboard.
  • Go to Identity Sources from side menu.
  • Click on Configure Identity Source Button on top right corner on screen.
  • Add your Identity Source here entering all the required fields that you noted down while configuring Google Apps and click on SAVE button.



Step 2: Configure Single Sign On (SSO) Settings for Canvas LMS

  1. Login to miniOrange Admin Console.
  2. Go to Apps >> Manage Apps . Click Configure Apps button.
  3. Click on SAML tab. Select Canvas and click Add App button.


  4. Make sure the SP Entity ID or Issuer is in the format: https://your_domain.acme.instructure.com/saml2.
  5. Make sure the ACS URL is in the format: https://your_domain.acme.instructure.com/saml
  6. In the Attributes section, enter the value NameID in the Attribute Name field, select E-Mail Address from the Attribute Value list.
  7. Click on Add Apps to configure Canvas.
  8. Click on Download Certificate link to download the certificate which will be required later.


Step 3: Configure Single Sign On (SSO) SAML Settings in Canvas LMS

  1. Login to your Canvas LMS domain as an Account Administrator.
  2. Switch to Admin View from bottom-right of the screen .
  3. Go to Admin and click on your domain name.


  4. Click on Authentication in the left pane and select SAML from the Choose an authentication service drop down list.


  5. Enter the following details:
  6. IdP Entity IDhttps://auth.miniorange.com/moas
    Log On URLhttps://auth.miniorange.com/moas/broker/login/saml/acs/<YOUR_CUSTOMER_KEY>
    Certificate FingerprintFollow the steps below to copy the Thumbprint of certificate.
    Login AttributeNameID
    Identifier Formaturn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Authentication Contexturn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  7. Open the certificate that was downloaded earlier.
  8. Go to Details.
  9. In the Field column, select Thumbprint.
  10. Copy the Thumbprint that opens in the pane by pressing CTRL+C (Right-Click wont work!).
  11. Paste the Thumbprint in the Certificate Fingerprint.
  12. Make sure that there are no spaces in between the Certificate Fingerprint. Remove them manually.
  13. Click the Save to save the Single Sign On (SSO) SAML settings.
  14. Use https://your_domain.acme.instructure.com/login/saml to test the configuration.


For further details refer :
https://developers.google.com/google-apps/sso/saml_reference_implementation
https://support.google.com/a/answer/60224?hl=en


Business trial for free

If you don't find what you are looking for, please contact us at info@miniorange.com or call us at +1 978 658 9387 to find an answer to your question about Google Apps Single Sign On (SSO).


Watch the videos to learn more. Watch Demo