Creating a Custom App with Gsuite

Create a Custom App with Gsuite

  1. Sign into your Google Admin console by going to https://admin.google.com/
  2. From the Admin console Home page, go to Apps -> Web & Mobile apps -> Add App -> Add custom SAML app
  3. The App details page will show up, where you will enter the name and icon (optional) for the app.
  4. Click Continue.
  5. On the Google Identity Provider details page, get the setup information needed by the service provider using one of the options below. (This is Google's metadata information, not Splashtop's.)
    1. Download the IDP metadata.
    2. Copy the SSO URL and Entity ID and download the Certificate (or SHA-256 fingerprint, if needed).
  6. Once you do that, a Service Provider page will show up (see screenshots). You will need to enter an ACS URL, Entity ID, and Start URL (if needed) for your custom app. These values are all provided by the service provider. (This is Splashtop's information.)

acs_url_entity_ID.png

  • ACS URL: https://my.splashtop.com/sso/saml2/other_idp/acs
  • Entity ID: https://my.splashtop.com
  • Start URL: other_idp-login
  • (Optional) Check the “Signed” Response box if your service provider requires the entire SAML authentication response to be signed. If this is unchecked (the default), only the assertion within the response is signed.
  • For Name ID Format, you can pick EMAIL. For Name ID you can pick basic information -> Primary email and click Continue.
  • Click Save or Finished.

nameID_Email.png

settings_page.png

Turn on your SAML app

  1. Sign into your Google Admin console by going here: https://admin.google.com/
  2. From the Admin console Home page, go to Apps -> Web & mobile apps.
  3. Select your SAML app and click User access.
  4. To turn a service on or off for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
  5. (Optional) To turn a service on or off for an organizational unit:
    1. On the left, select the organizational unit.
    2. Select On or Off.
    3. Click Override to keep your setting if the service for the parent organizational unit is changed.
    4. If Overridden is already set for the organizational unit, choose an option:
      1. Inherit - Reverts to the same setting as its parent.
      2. Save - Saves your new settings (even if the parent setting changes).
  6. Learn more about how organizational structure works by going here: https://support.google.com/a/answer/4352075
  7. To turn on a service for a set of users across or within organizational units, select an access group. For details, see how to turn on a service for a group of users instead of the entire org: https://support.google.com/a/answer/9050643
  8. Ensure that the email addresses your users use to sign in to the SAML app match the email addresses they use to sign in to your Google domain.

Verify that SSO is working with your custom app

You can test both Identity Provider (IdP) initiated SSO, and (if your app supports it) Service Provider (SP) initiated SSO.

  1. Sign into your Google Admin console by going here: https://admin.google.com/
  2. From the Admin console Home page, go to Apps -> Web and mobile apps.
  3. Select your custom SAML app.
  4. At the top left, click Test SAML login (your app should open in a separate tab).
    1. Open the SSO URL for your new SAML app. You should be automatically redirected to the Google sign-in page.
    2. Enter your username and password. (After your sign-in credentials are authenticated, you're automatically redirected back to your new SAML app.)

 

 
