Integrate with Google
If your company uses Google, your corporate address book resides in Google Workspace. Users in this Google Workspace directory log in to Federated Directory with their Google account (based on OAuth 2.0; alternatively, you can configure SAML for this).
Enabling Federated Directory to work with Google Workspace consists of two steps:
Alternatively you can use SAML instead of OAuth 2.0, which is described here:
Integrating Federated Directory with Google Workspace provides you with the following benefits:
Install from Google Workspace Marketplace
From your Google admin menu, browse to Apps ⇒ Marketplace apps. Once the screen is opened, click "Add app to domain install list". Alternatively go directly to https://gsuite.google.com/marketplace/search/Federated%20Directory
Search for the "Federated Directory" app by typing in the search field.
Click the tile to open a detail screen. On this screen, click 'Domain install'.
This will kick off the consent process that allows users to log in to Federated Directory using a Google Workspace account. Click CONTINUE:
After you've accepted consent, you will see an information dialog.
Then select 'Federated Directory' from your Apps Launcher icon. This opens Federated Directory, but since your company hasn't been created on our side yet (and its name may deviate from your actual Google Workspace domain name), choose Sign up.
Choose 'Sign up with Google'
After a couple of redirects you will arrive at your Federated Directory and a dialog will be shown. Populate the finalize setup screen and select FINALIZE SIGNUP.
From this moment onwards, when you select 'Federated Directory' from your Google Workspace App Launcher it will automatically log in to this company. You can also see your own account which was automatically created.
Now that you have created a company within Federated Directory, it is time to set up provisioning of the Google Workspace accounts from your organization to Federated Directory.
Google Workspace configure provisioning
From your Google admin console, browse to Apps ⇒ SAML Apps. Once that screen is shown, click the yellow "Plus" button 'Enable SSO for a SAML application'.
In the filter box enter 'Federated Directory' and select it.
Accept defaults and click NEXT
Click NEXT again
Change 'ACS URL' to https://federated.directory and 'Entity ID' to federated.directory and click FINISH.
In the next screen click SETUP NOW to configure user provisioning, but if you are planning to use SAML for authentication instead of OAuth 2.0, please follow these instructions instead.
Select EDIT SERVICE
Enable the service for all users within your Google Workspace domain by selecting "ON for everyone".
After you click SAVE, navigate back to SAML APPS and open the app. Click the User provisioning area and choose SET UP USER PROVISIONING:
Enter your directory API key from Federated Directory and select NEXT. If you don't know how to create an API key, please see the Directories guide.
On the "Map attributes" screen, accept the default attribute mapping between Google Workspace and Federated Directory and click NEXT
No scope is required, click FINISH
Now you can ACTIVATE PROVISIONING
Configure SAML login
The steps above will provide a Federated Directory that is automatically maintained by (de)provisioning actions and that allows your users to log in to Federated Directory using OAuth 2.0.
Alternatively, you can also switch to SAML login. This is described in this article: https://support.google.com/a/answer/7530226?hl=en
IMPORTANT: If you follow the instructions provided by the link above, in step 3 you don't need to replace directoryId in the ACS URL; instead, replace the complete URL with:
The login chapter describes how users can log in with their Google account. Enabling this is as easy as selecting Google accounts from the authentication drop-down on a directory.
We only allow access to users that are created in your directory. During the authentication process we map the user's Google ID to the userName of the user in our directory.
| |Google Directory|Federated Directory|
|Attribute mapping|id|userName|
So make sure these are filled in correctly.
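One way to check the id to userName mapping before relying on Google login, as an added example that is not part of Federated Directory's own tooling. It assumes you have exported both user lists as records; the `primaryEmail` field, the function name `reconcile` and all sample values are assumptions constructed for illustration.

```python
"""Reconcile Google Workspace users against Federated Directory users.

Checks the mapping described above: Google `id` must equal directory `userName`.
Record shapes and sample data are constructed; `primaryEmail` is an assumed
field of the Google-side export.
"""

def reconcile(google_users, directory_users):
    """Classify every account so login and deprovisioning gaps are visible."""
    by_id = {u["id"]: u for u in google_users}
    by_email = {u["primaryEmail"].lower(): u for u in google_users}
    findings = {"ok": [], "email_as_username": [],
                "orphaned": [], "not_provisioned": []}
    seen_ids = set()
    for entry in directory_users:
        name = (entry.get("userName") or "").strip()
        if name in by_id:
            seen_ids.add(name)
            findings["ok"].append(name)
        elif name.lower() in by_email:
            # userName holds the e-mail address instead of the Google ID,
            # so the id -> userName match at login cannot succeed.
            seen_ids.add(by_email[name.lower()]["id"])
            findings["email_as_username"].append(name)
        else:
            # No Google account behind this entry: a missed deprovisioning
            # or a manually created account that needs review.
            findings["orphaned"].append(name)
    for user in google_users:
        if user["id"] not in seen_ids:
            # Google account with no directory entry: access will be refused.
            findings["not_provisioned"].append(user["primaryEmail"])
    return findings

# Constructed sample data (not real accounts).
GOOGLE = [
    {"id": "100000000000000000001", "primaryEmail": "alice@example.com"},
    {"id": "100000000000000000002", "primaryEmail": "bob@example.com"},
    {"id": "100000000000000000003", "primaryEmail": "carol@example.com"},
]
DIRECTORY = [
    {"userName": "100000000000000000001"},
    {"userName": "Bob@example.com"},
    {"userName": "100000000000000000099"},
]

if __name__ == "__main__":
    for category, items in reconcile(GOOGLE, DIRECTORY).items():
        print(f"{category}: {items}")
```

Entries reported as orphaned deserve the closest look, since they exist in the directory without a Google account behind them.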