Integrate with Google

In case your company uses Google, your corporate address book resides in G-Suite. Users in this G-Suite directory login to Federated Directory with their Google (G-Suite) account (based on OAuth 2.0 but alternatively you can also configure SAML for this).

Enabling Federated Directory to work with G-Suite consists of two steps:

Alternatively you can use SAML instead of OAuth 2.0, which is described here:

Integrating Federated Directory with Google G-Suite provides you with the following benefits:

G Suite install from marketplace

From your Google admin console, browse to Apps -> Marketplace apps. Once that screen is shown, select 'Add service to your domain'.

Set authentication to Google

In the box that shows called 'G Suite Marketplace' enter 'Federated Directory' in the search field and hit enter. The only app showing up will be 'Federated Directory'.

Set authentication to Google

Click the tile and a detail screen will open, on this screen click 'DOMAIN INSTALL'. This will kick-off the consent process to allow users to login to Federated Directory using a G Suite account.

Set authentication to Google Set authentication to Google Set authentication to Google Set authentication to Google

Then select 'Federated Directory' from your Apps Launcher icon. This will show up Federated Directory but since your company hasn't been created on this side (and the name may/can deviate from your actual G Suite domain name), choose 'Sign up'

Set authentication to Google

Select 'Sign up with Google'

Set authentication to Google

Populate the finalize setup screen and select 'FINALIZE SIGNUP'.

Set authentication to Google

From this moment onwards, when you select 'Federated Directory' from your G Suite App Launcher it will automatically login to this company. You can also see your own account which was automatically created. Time to find some collegues! :-)

Set authentication to Google

Now that you have created a company within Federated Directory it is time to setup (de)provisioning of the G Suite accounts within your organization to Federated Directory.

G Suite configure provisioning

From your Google admin console, browse to Apps -> SAML Apps. Once that screen is shown, select 'Add service to your domain'.

Set authentication to Google

In the filter box enter 'Federated Directory' and select it.

Set authentication to Google

Select 'Next'

Set authentication to Google

Select 'Next'

Set authentication to Google

Select 'Next'

Set authentication to Google

Change 'ACS URL' to https://federated.directory and 'Entity ID' to federated.directory and select 'FINISH'. In the next screen select 'SETUP NOW' to configure user provisioning.

IMPORTANT If you are planning to use SAML for authentication instead of OAuth 2.0, please follow these instructions.

Set authentication to Google Set authentication to Google

Select 'EDIT SERVICE' and enable the service for all users within your G Suite domain.

Set authentication to Google Set authentication to Google

Enter your directory API key from Federated Directory and select 'NEXT'.

Set authentication to Google

Accept the default attribute mapping between G Suite and Federated Directory and select 'NEXT'.

Set authentication to Google

No scope is required so select 'FINISH'.

Set authentication to Google

Now you can 'ACTIVATE PROVISIONING'.

Set authentication to Google Set authentication to Google

Configure SAML login

The steps above will provide a Federated Directory that is automatically maintained by (de)provisioning actions and that allow your users to login to Federated Directory using OAuth 2.0.

Alternatively, you can also switch to SAML login. This is described in this article : https://support.google.com/a/answer/7530226?hl=en

IMPORTANT If you follow the instruction provided by the link above, in step 3, you don't need to replace directoryId in the ACS URL, but replace the complete url by:

https://api.federated.directory/v2/Login/Saml2/{directoryId}/Acs

Authentication

The login chapter describes how users can login with their Google account. Enabling this, is as easy as selecting Google accounts from the authentication drop-down on a directory.

Set authentication to Google

We only allow access to users that are created in your directory. During the authentication process we map the users Google ID with the userName of the user in our directory.

Google Directory Federated Directory
Attribute mapping id userName ️️

So make sure these are filled in correctly.

Still need help? Get in touch!
Last updated on 9th Jul 2019