Integrate with Google
If your company uses Google, your corporate address book resides in G-Suite. Users in this G-Suite directory log in to Federated Directory with their Google (G-Suite) account. Login is based on OAuth 2.0, but you can alternatively configure SAML for this.
Enabling Federated Directory to work with G-Suite consists of two steps:
Alternatively you can use SAML instead of OAuth 2.0, which is described here:
Integrating Federated Directory with Google G-Suite provides you with the following benefits:
G Suite install from marketplace
From your Google admin console, browse to Apps -> Marketplace apps. Once that screen is shown, select 'Add service to your domain'.
In the 'G Suite Marketplace' box that appears, enter 'Federated Directory' in the search field and hit enter. The only app showing up will be 'Federated Directory'.
Click the tile and a detail screen will open. On this screen click 'DOMAIN INSTALL'. This will kick off the consent process to allow users to log in to Federated Directory using a G Suite account.
Then select 'Federated Directory' from your Apps Launcher icon. This opens Federated Directory, but since your company hasn't been created on this side yet (and its name may deviate from your actual G Suite domain name), choose 'Sign up'.
Select 'Sign up with Google'
Populate the finalize setup screen and select 'FINALIZE SIGNUP'.
From this moment onwards, when you select 'Federated Directory' from your G Suite App Launcher it will automatically log in to this company. You can also see your own account, which was automatically created. Time to find some colleagues! :-)
Now that you have created a company within Federated Directory, it is time to set up (de)provisioning of the G Suite accounts within your organization to Federated Directory.
G Suite configure provisioning
From your Google admin console, browse to Apps -> SAML Apps. Once that screen is shown, select 'Add service to your domain'.
In the filter box enter 'Federated Directory' and select it.
Change 'ACS URL' to https://federated.directory and 'Entity ID' to federated.directory and select 'FINISH'. In the next screen select 'SETUP NOW' to configure user provisioning.
IMPORTANT If you are planning to use SAML for authentication instead of OAuth 2.0, please follow these instructions.
Select 'EDIT SERVICE' and enable the service for all users within your G Suite domain.
Enter your directory API key from Federated Directory and select 'NEXT'.
Accept the default attribute mapping between G Suite and Federated Directory and select 'NEXT'.
No scope is required so select 'FINISH'.
Now you can 'ACTIVATE PROVISIONING'.
Configure SAML login
The steps above will provide a Federated Directory that is automatically maintained by (de)provisioning actions and that allows your users to log in to Federated Directory using OAuth 2.0.
Alternatively, you can also switch to SAML login. This is described in this article: https://support.google.com/a/answer/7530226?hl=en
IMPORTANT If you follow the instructions provided by the link above, in step 3 you don't need to replace directoryId in the ACS URL, but replace the complete URL by:
The login chapter describes how users can log in with their Google account. Enabling this is as easy as selecting Google accounts from the authentication drop-down on a directory.
We only allow access to users that are created in your directory. During the authentication process we map the user's Google ID to the userName of the user in our directory.
| |Google Directory|Federated Directory|
|Attribute mapping|id|userName|
So make sure these are filled in correctly.
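One way to check the mapping before switching users over, as an added example that is not part of the Federated Directory documentation: it compares the Google `id` of each account with the `userName` values in the directory and reports accounts that would be refused, directory entries that no Google login can reach, and accounts suspended in Google but still active in the directory. The sample records are constructed, and the directory-side `active` field is an assumption (SCIM-style).

```python
import json

# Constructed sample data (not real accounts). The Google side carries the
# id / primaryEmail / suspended fields; the directory side is assumed to
# expose userName plus a SCIM-style "active" flag.
GOOGLE_USERS = json.loads("""[
  {"id": "100000000000000000001", "primaryEmail": "alice@example.com", "suspended": false},
  {"id": "100000000000000000002", "primaryEmail": "bob@example.com", "suspended": true},
  {"id": "100000000000000000003", "primaryEmail": "carol@example.com", "suspended": false}
]""")
DIRECTORY_USERS = json.loads("""[
  {"userName": "100000000000000000001", "active": true},
  {"userName": "100000000000000000002", "active": true},
  {"userName": "dave@example.com", "active": true}
]""")


def audit_mapping(google_users, directory_users):
    """Compare Google `id` values with directory `userName` values."""
    google_by_id = {str(u["id"]).strip(): u for u in google_users}
    dir_by_name = {str(u["userName"]).strip(): u for u in directory_users}

    # Active Google users with no directory entry: their login is refused.
    missing = sorted(google_by_id[i]["primaryEmail"]
                     for i in google_by_id.keys() - dir_by_name.keys()
                     if not google_by_id[i].get("suspended"))
    # Directory entries whose userName matches no Google id: unreachable via
    # Google login, typically a wrong value (e.g. an e-mail) or a stale account.
    orphaned = sorted(dir_by_name.keys() - google_by_id.keys())
    # Suspended in Google but still active in the directory: deprovisioning lag.
    stale = sorted(google_by_id[i]["primaryEmail"]
                   for i in google_by_id.keys() & dir_by_name.keys()
                   if google_by_id[i].get("suspended")
                   and dir_by_name[i].get("active", True))
    return {"missing_in_directory": missing,
            "orphaned_in_directory": orphaned,
            "suspended_but_active": stale}


if __name__ == "__main__":
    for finding, users in audit_mapping(GOOGLE_USERS, DIRECTORY_USERS).items():
        print(f"{finding}: {users}")
```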