Configuring SSO for Google
The Clumio service can integrate with Google for seamless user authentication. Follow the steps below to configure Google IDP as a Single Sign On service for Clumio.
Prerequisites
Ensure that you have the following before you start configuring Google as an IDP:
- Google account with admin privileges
- Clumio account with Super Admin Role
Enable Google integration with Clumio
In Google
- Open Google Admin Console > Apps > Web and Mobile Apps.
- Add custom SAML App.
![](https://files.readme.io/5149014-googleSSO1.png)
- Enter the App Name and click Continue.
![](https://files.readme.io/77e0365-googleSSO2.png)
- Download Metadata and click Continue.
![](https://files.readme.io/2bd9cd6-googleSSOstep4.png)
- You should see the following screen:
![](https://files.readme.io/dfa3a13-googleSSO4.png)
- From step 4 in the Clumio setup below, copy the Audience URI to Entity ID and the ACS URL to ACS URL.
- Make sure the Signed Response check box is selected.
![](https://files.readme.io/38231e7-googleSSO8.png)
- Click Continue with all the other default settings.
- Turn on the app for appropriate users or organizational units.
![](https://files.readme.io/e9d9c74-googleSSO10.png)
- Click Save and return to the app.
- On the SAML Attribute Mapping screen, make sure that the primary email maps to: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
![](https://files.readme.io/c2e3e1d-googleSSO12.png)
- Proceed to complete the setup in Clumio.
In Clumio
- Log on to Clumio.
- Navigate to Settings > Access Management > Authentication (SSO/MFA)
- Click Configure SSO under Strategy.
- Copy the Audience Restriction, Assertion Customer Service (ACS) URL, and the Sign-On URL. This information is needed for step 6 on the IdP side setup.
- Scroll down and upload the metadata retrieved from the IdP. You can use the URL, upload the metadata XML file, or configure it manually.
- Click Save Configuration and then click Test with my Account. This should open a new tab to test the SSO connection.
- Once the connection test is successful, click Activate SSO.
This step is important for SSO enablement. - Optionally, enable the check box to send emails to notify all users of the SSO enablement, or else click Enable.
Note: For any user to utilize Clumio login through Google SSO, the user needs to be explicitly added from the Clumio UI; Settings > Access management > Users.
Contact [email protected] with any questions or concerns.
Updated 4 months ago