Identity Provider Integration III: Google
Create your Custom App
To use SAML2 with Google Accounts, you need to create your own custom SAML application.
SAML2 authentication with Google Accounts is supported from Silverback Version 21.0 Update 1.
- Open your Google Admin Console
- Log in with your super administrator account
- Click Apps in the middle frame
- Select Web and mobile apps
- Click Add App
- Select Add custom SAML App
App details
- Enter an App Name, e.g. Matrix42 Silverback
- Upload an App icon (optional)
- Press Continue
Google Identity Provider Details
- Click Download Meta
- Press Continue
Service provider details
- Enter as ACS URL your Silverback URL in the following format: https://silverback.company.com/sts/authorize/login
- Enter as Entity ID your Silverback URL in the following format: silverback.company.com
- Enter as Start URL your Silverback URL in the following format: https://silverback.company.com/ssp
- Select as Name ID format EMAIL
- Select as Name ID Basic Information > Primary email
- Press Continue
Attribute Mapping
- Press Finish
- Wait until the application creation is finished
Grant Access to your Custom App
In this section you grant access to the users who are allowed to use this application. Every user who should be able to log in to Silverback must be granted access. Please note that changes may take up to 24 hours to propagate to all users.
Grant Access
- Click on User Access (shown as OFF for everyone)
- Either enable ON for everyone or restrict access to this application to specific Groups or Organisational units
- Press Save
Import Metadata to Silverback
Import Metadata
- Open your Silverback Management Console
- Log in as Administrator
- Navigate to Admin
- Navigate to Authentication Provider
- Click Import from File
- Select Choose File
- Select your previously downloaded Metadata file (GoogleIDPMetadata.xml)
- Click Open
- Click OK
- Click OK to save these changes
- Click OK to confirm
Configure Authentication Provider
- Enable Show on Login Page
- Disable classic sign-in (optional)
- Enable Dynamic User Creation
  - Silverback will create a local user account for each login for verification reasons
  - Use your Identity Provider as the access control mechanism
- Change the Title of your SAML2 Button, e.g. Gsuite
- Change the Icon
- Change the Color
- Click Save
Try a Login
- Open your Browser in Incognito Mode
- Open Self Service Portal
- Check the SAML2 button appearance
- Click the SAML2 button
- You will be redirected to your Google Identity Provider
- Log in with your credentials
- If everything went right, you should be logged in to the Self Service Portal
- Take a device and perform an enrollment
Identities
- Navigate back to your Silverback Management Console
- Navigate to Users
- You should now see a new Username with your Identity Provider E-Mail and Username information
  - e.g. Username: tim.tober@imagoverum.com
  - e.g. Email: tim.tober@imagoverum.com
SAML2 Admin Account
- Navigate to Admin
- Navigate to User Management
- Click New System User
- Enter a username
- Enter as Email the E-mail used for your Identity Provider (e.g. tim.tober@imagoverum.com)
- Create any password you like
  - Ensure it meets the minimum requirements
  - Type whatever you want; the authentication will be done through the Identity Provider
- Select Role
- Select Language
- Click Save
Try a Login
- Open your Browser in Incognito Mode
- Open Silverback Management Console
- Click the SAML2 Button
- You will be redirected to your Identity Provider
- Log in with your Credentials
- If everything went right, you should be logged in to the Silverback Management Console