Integrate with Google

In case your company uses Google, your corporate address book resides in Google Workspace Users in this Google Workspace directory login to Federated Directory with their Google account (based on OAuth 2.0 but alternatively you can also configure SAML for this).

Enabling Federated Directory to work with Google Workspace consists of two steps:

Alternatively you can use SAML instead of OAuth 2.0, which is described here:

Integrating Federated Directory with Google Workspace provides you with the following benefits:

Install from Google Workspace Marketplace

From your Google admin menu, browse to Apps ⇒ Marketplace apps. Once the screen is opened, click "Add app to domain install list". Alternatively go directly to https://gsuite.google.com/marketplace/search/Federated%20Directory

GSuite Admin

Search for "Federated Directory" app by typing in the search field.

Search Federated Directory in Google Marketplace

Click the tile and a detail screen will open, on this screen click 'Domain install'.

Federated Directory in Google Marketplace

This will kick-off the consent process to allow users to login to Federated Directory using a Google Workspace account. Click CONTINUE:

Prompt in Marketplace to install Federated Directory Admin console consent

After you've accepted consent, you will see information dialog.

App installed in Marketplace

Then select 'Federated Directory' from your Apps Launcher icon. This will show up Federated Directory but since your company hasn't been created on our side (and the name may/can deviate from your actual Google Workspace domain name), choose Sign up

Federated Directory sign in

Choose 'Sign up with Google'

Federated Directory sign up

After a couple of redirects you will arrive your Federated Directory and dialog will be show. Populate the finalize setup screen and select FINALIZE SIGNUP

Finalize signup

From this moment onwards, when you select 'Federated Directory' from your Google Workspace App Launcher it will automatically log in to this company. You can also see your own account which was automatically created.

Federated Directory portal

Now that you have created a company within Federated Directory it is time to setup provisioning of the Google Workspace accounts from your organization to Federated Directory.


Google Workspace configure provisioning

From your Google admin console, browse to Apps ⇒ SAML Apps. Once that screen is shown, click yellow "Plus" button 'Enable SSO for a SAML application'

SAML Apps

In the filter box enter 'Federated Directory' and select it.

Enable SSO for a SAML application dialog

Click NEXT

Google IdP Information dialog

Accept defaults and click NEXT

Basic information for Federated Directory dialog

Click NEXT again

Service Provider Details dialog

Change 'ACS URL' to https://federated.directory and 'Entity ID' to federated.directory and click FINISH.

In the next screen click SETUP NOW to configure user provisioning, but if you are planning to use SAML for authentication instead of OAuth 2.0, please follow these instructions instead.

Set authentication to Google

Select EDIT SERVICE

Federated Directory edit screen

Enable the service for all users within your Google Workspace domain by selecting "ON for everyone".

Set authentication to Google

After you click SAVE you should navigate back to the SAML APPS and open it. Click User provisioning area and choose SET UP USER PROVISIONING:

Federated Directory edit screen

Enter your directory API key from Federated Directory and select NEXT. If you don't know how to create an API key, please see Directories guide

Authorize dialog

On the "Map attributes" screen, accept the default attribute mapping between Google Workspace and Federated Directory and click NEXT

Map attributes dialog

No scope is required, click FINISH

Set provisioning scope dialog

Now you can ACTIVATE PROVISIONING

Activate provisioning dialog Consent dialog

Configure SAML login

The steps above will provide a Federated Directory that is automatically maintained by (de)provisioning actions and that allow your users to login to Federated Directory using OAuth 2.0.

Alternatively, you can also switch to SAML login. This is described in this article : https://support.google.com/a/answer/7530226?hl=en

IMPORTANT If you follow the instruction provided by the link above, in step 3, you don't need to replace directoryId in the ACS URL, but replace the complete url by:

https://api.federated.directory/v2/Login/Saml2/{directoryId}/Acs

Authentication

The login chapter describes how users can login with their Google account. Enabling this, is as easy as selecting Google accounts from the authentication drop-down on a directory.

Set authentication to Google

We only allow access to users that are created in your directory. During the authentication process we map the users Google ID with the userName of the user in our directory.

Google Directory Federated Directory
Attribute mapping id userName ️️

So make sure these are filled in correctly.

Still need help? Get in touch!
Last updated on 1st Jan 1980